Custom Sign-in Pages Solution Guide
Transcript of Custom Sign-in Pages Solution Guide
Secure Access
Custom Sign-in Pages Solution Guide
Release
Published: 2010-06-03
Part Number: , Revision 1
Copyright © 2010, Juniper Networks, Inc.
Juniper Networks, Inc.1194 North Mathilda AvenueSunnyvale, California 94089USA408-745-2000www.juniper.net
This product includes the Envoy SNMP Engine, developed by Epilogue Technology, an Integrated Systems Company. Copyright © 1986-1997,Epilogue Technology Corporation. All rights reserved. This program and its documentation were developed at private expense, and no partof them is in the public domain.
This product includes memory allocation software developed by Mark Moraes, copyright © 1988, 1989, 1993, University of Toronto.
This product includes FreeBSD software developed by the University of California, Berkeley, and its contributors. All of the documentationand software included in the 4.4BSD and 4.4BSD-Lite Releases is copyrighted by the Regents of the University of California. Copyright ©1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994. The Regents of the University of California. All rights reserved.
GateD software copyright © 1995, the Regents of the University. All rights reserved. Gate Daemon was originated and developed throughrelease 3.0 by Cornell University and its collaborators. Gated is based on Kirton’s EGP, UC Berkeley’s routing daemon (routed), and DCN’sHELLO routing protocol. Development of Gated has been supported in part by the National Science Foundation. Portions of the GateDsoftware copyright © 1988, Regents of the University of California. All rights reserved. Portions of the GateD software copyright © 1991, D.L. S. Associates.
This product includes software developed by Maker Communications, Inc., copyright © 1996, 1997, Maker Communications, Inc.
Juniper Networks, Junos, Steel-Belted Radius, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the UnitedStates and other countries. The Juniper Networks Logo, the Junos logo, and JunosE are trademarks of Juniper Networks, Inc. All othertrademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify,transfer, or otherwise revise this publication without notice.
Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that areowned by or licensed to Juniper Networks: U.S. Patent Nos. 5,473,599, 5,905,725, 5,909,440, 6,192,051, 6,333,650, 6,359,479, 6,406,312,6,429,706, 6,459,579, 6,493,347, 6,538,518, 6,538,899, 6,552,918, 6,567,902, 6,578,186, and 6,590,785.
Secure Access Deployment Scenarios Guide
Revision History2010—Revised for SA release 7.0.
The information in this document is current as of the date listed in the revision history.
Copyright © 2010, Juniper Networks, Inc.ii
ENDUSER LICENSE AGREEMENT
READ THIS ENDUSER LICENSE AGREEMENT (“AGREEMENT”) BEFORE DOWNLOADING, INSTALLING, ORUSING THE SOFTWARE.BY DOWNLOADING, INSTALLING, OR USING THE SOFTWARE OR OTHERWISE EXPRESSING YOUR AGREEMENT TO THE TERMSCONTAINED HEREIN, YOU (AS CUSTOMER OR IF YOU ARE NOT THE CUSTOMER, AS A REPRESENTATIVE/AGENT AUTHORIZED TOBIND THE CUSTOMER) CONSENT TO BE BOUND BY THIS AGREEMENT. IF YOU DO NOT OR CANNOT AGREE TO THE TERMS CONTAINEDHEREIN, THEN (A) DO NOT DOWNLOAD, INSTALL, OR USE THE SOFTWARE, AND (B) YOU MAY CONTACT JUNIPER NETWORKSREGARDING LICENSE TERMS.
1. The Parties. The parties to this Agreement are (i) Juniper Networks, Inc. (if the Customer’s principal office is located in the Americas) orJuniper Networks (Cayman) Limited (if the Customer’s principal office is located outside the Americas) (such applicable entity being referredto herein as “Juniper”), and (ii) the person or organization that originally purchased from Juniper or an authorized Juniper reseller the applicablelicense(s) for use of the Software (“Customer”) (collectively, the “Parties”).
2. The Software. In this Agreement, “Software” means the program modules and features of the Juniper or Juniper-supplied software, forwhich Customer has paid the applicable license or support fees to Juniper or an authorized Juniper reseller, or which was embedded byJuniper in equipment which Customer purchased from Juniper or an authorized Juniper reseller. “Software” also includes updates, upgradesand new releases of such software. “Embedded Software” means Software which Juniper has embedded in or loaded onto the Juniperequipment and any updates, upgrades, additions or replacements which are subsequently embedded in or loaded onto the equipment.
3. LicenseGrant.Subject to payment of the applicable fees and the limitations and restrictions set forth herein, Juniper grants to Customera non-exclusive and non-transferable license, without right to sublicense, to use the Software, in executable form only, subject to thefollowing use restrictions:
a. Customer shall use Embedded Software solely as embedded in, and for execution on, Juniper equipment originally purchased byCustomer from Juniper or an authorized Juniper reseller.
b. Customer shall use the Software on a single hardware chassis having a single processing unit, or as many chassis or processing unitsfor which Customer has paid the applicable license fees; provided, however, with respect to the Steel-Belted Radius or Odyssey AccessClient software only, Customer shall use such Software on a single computer containing a single physical random access memory spaceand containing any number of processors. Use of the Steel-Belted Radius or IMS AAA software on multiple computers or virtual machines(e.g., Solaris zones) requires multiple licenses, regardless of whether such computers or virtualizations are physically contained on a singlechassis.
c. Product purchase documents, paper or electronic user documentation, and/or the particular licenses purchased by Customer mayspecify limits to Customer’s use of the Software. Such limits may restrict use to a maximum number of seats, registered endpoints, concurrentusers, sessions, calls, connections, subscribers, clusters, nodes, realms, devices, links, ports or transactions, or require the purchase ofseparate licenses to use particular features, functionalities, services, applications, operations, or capabilities, or provide throughput,performance, configuration, bandwidth, interface, processing, temporal, or geographical limits. In addition, such limits may restrict the useof the Software to managing certain kinds of networks or require the Software to be used only in conjunction with other specific Software.Customer’s use of the Software shall be subject to all such limitations and purchase of all applicable licenses.
d. For any trial copy of the Software, Customer’s right to use the Software expires 30 days after download, installation or use of theSoftware. Customer may operate the Software after the 30-day trial period only if Customer pays for a license to do so. Customer may notextend or create an additional trial period by re-installing the Software after the 30-day trial period.
e. The Global Enterprise Edition of the Steel-Belted Radius software may be used by Customer only to manage access to Customer’senterprise network. Specifically, service provider customers are expressly prohibited from using the Global Enterprise Edition of theSteel-Belted Radius software to support any commercial network access services.
The foregoing license is not transferable or assignable by Customer. No license is granted herein to any user who did not originally purchasethe applicable license(s) for the Software from Juniper or an authorized Juniper reseller.
4. Use Prohibitions. Notwithstanding the foregoing, the license provided herein does not permit the Customer to, and Customer agreesnot to and shall not: (a) modify, unbundle, reverse engineer, or create derivative works based on the Software; (b) make unauthorizedcopies of the Software (except as necessary for backup purposes); (c) rent, sell, transfer, or grant any rights in and to any copy of theSoftware, in any form, to any third party; (d) remove any proprietary notices, labels, or marks on or in any copy of the Software or any productin which the Software is embedded; (e) distribute any copy of the Software to any third party, including as may be embedded in Juniperequipment sold in the secondhand market; (f) use any ‘locked’ or key-restricted feature, function, service, application, operation, or capabilitywithout first purchasing the applicable license(s) and obtaining a valid key from Juniper, even if such feature, function, service, application,operation, or capability is enabled without a key; (g) distribute any key for the Software provided by Juniper to any third party; (h) use the
iiiCopyright © 2010, Juniper Networks, Inc.
Software in any manner that extends or is broader than the uses purchased by Customer from Juniper or an authorized Juniper reseller; (i)use Embedded Software on non-Juniper equipment; (j) use Embedded Software (or make it available for use) on Juniper equipment thatthe Customer did not originally purchase from Juniper or an authorized Juniper reseller; (k) disclose the results of testing or benchmarkingof the Software to any third party without the prior written consent of Juniper; or (l) use the Software in any manner other than as expresslyprovided herein.
5. Audit. Customer shall maintain accurate records as necessary to verify compliance with this Agreement. Upon request by Juniper,Customer shall furnish such records to Juniper and certify its compliance with this Agreement.
6. Confidentiality. The Parties agree that aspects of the Software and associated documentation are the confidential property of Juniper.As such, Customer shall exercise all reasonable commercial efforts to maintain the Software and associated documentation in confidence,which at a minimum includes restricting access to the Software to Customer employees and contractors having a need to use the Softwarefor Customer’s internal business purposes.
7. Ownership. Juniper and Juniper’s licensors, respectively, retain ownership of all right, title, and interest (including copyright) in and tothe Software, associated documentation, and all copies of the Software. Nothing in this Agreement constitutes a transfer or conveyanceof any right, title, or interest in the Software or associated documentation, or a sale of the Software, associated documentation, or copiesof the Software.
8. Warranty, Limitation of Liability, Disclaimer ofWarranty. The warranty applicable to the Software shall be as set forth in the warrantystatement that accompanies the Software (the “Warranty Statement”). Nothing in this Agreement shall give rise to any obligation to supportthe Software. Support services may be purchased separately. Any such support shall be governed by a separate, written support servicesagreement. TO THE MAXIMUM EXTENT PERMITTED BY LAW, JUNIPER SHALL NOT BE LIABLE FOR ANY LOST PROFITS, LOSS OF DATA,OR COSTS OR PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGESARISING OUT OF THIS AGREEMENT, THE SOFTWARE, OR ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE. IN NO EVENT SHALL JUNIPERBE LIABLE FOR DAMAGES ARISING FROM UNAUTHORIZED OR IMPROPER USE OF ANY JUNIPER OR JUNIPER-SUPPLIED SOFTWARE.EXCEPT AS EXPRESSLY PROVIDED IN THE WARRANTY STATEMENT TO THE EXTENT PERMITTED BY LAW, JUNIPER DISCLAIMS ANYAND ALL WARRANTIES IN AND TO THE SOFTWARE (WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE), INCLUDING ANYIMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT. IN NO EVENT DOESJUNIPER WARRANT THAT THE SOFTWARE, OR ANY EQUIPMENT OR NETWORK RUNNING THE SOFTWARE, WILL OPERATE WITHOUTERROR OR INTERRUPTION, OR WILL BE FREE OF VULNERABILITY TO INTRUSION OR ATTACK. In no event shall Juniper’s or its suppliers’or licensors’ liability to Customer, whether in contract, tort (including negligence), breach of warranty, or otherwise, exceed the price paidby Customer for the Software that gave rise to the claim, or if the Software is embedded in another Juniper product, the price paid byCustomer for such other product. Customer acknowledges and agrees that Juniper has set its prices and entered into this Agreement inreliance upon the disclaimers of warranty and the limitations of liability set forth herein, that the same reflect an allocation of risk betweenthe Parties (including the risk that a contract remedy may fail of its essential purpose and cause consequential loss), and that the sameform an essential basis of the bargain between the Parties.
9. Termination. Any breach of this Agreement or failure by Customer to pay any applicable fees due shall result in automatic terminationof the license granted herein. Upon such termination, Customer shall destroy or return to Juniper all copies of the Software and relateddocumentation in Customer’s possession or control.
10. Taxes. All license fees payable under this agreement are exclusive of tax. Customer shall be responsible for paying Taxes arising fromthe purchase of the license, or importation or use of the Software. If applicable, valid exemption documentation for each taxing jurisdictionshall be provided to Juniper prior to invoicing, and Customer shall promptly notify Juniper if their exemption is revoked or modified. Allpayments made by Customer shall be net of any applicable withholding tax. Customer will provide reasonable assistance to Juniper inconnection with such withholding taxes by promptly: providing Juniper with valid tax receipts and other required documentation showingCustomer’s payment of any withholding taxes; completing appropriate applications that would reduce the amount of withholding tax tobe paid; and notifying and assisting Juniper in any audit or tax proceeding related to transactions hereunder. Customer shall comply withall applicable tax laws and regulations, and Customer will promptly pay or reimburse Juniper for all costs and damages related to anyliability incurred by Juniper as a result of Customer’s non-compliance or delay with its responsibilities herein. Customer’s obligations underthis Section shall survive termination or expiration of this Agreement.
11. Export. Customer agrees to comply with all applicable export laws and restrictions and regulations of any United States and anyapplicable foreign agency or authority, and not to export or re-export the Software or any direct product thereof in violation of any suchrestrictions, laws or regulations, or without all necessary approvals. Customer shall be liable for any such violations. The version of theSoftware supplied to Customer may contain encryption or other capabilities restricting Customer’s ability to export the Software withoutan export license.
Copyright © 2010, Juniper Networks, Inc.iv
12. Commercial Computer Software. The Software is “commercial computer software” and is provided with restricted rights. Use,duplication, or disclosure by the United States government is subject to restrictions set forth in this Agreement and as provided in DFARS227.7201 through 227.7202-4, FAR 12.212, FAR 27.405(b)(2), FAR 52.227-19, or FAR 52.227-14(ALT III) as applicable.
13. Interface Information. To the extent required by applicable law, and at Customer's written request, Juniper shall provide Customerwith the interface information needed to achieve interoperability between the Software and another independently created program, onpayment of applicable fee, if any. Customer shall observe strict obligations of confidentiality with respect to such information and shall usesuch information in compliance with any applicable terms and conditions upon which Juniper makes such information available.
14. Third Party Software.Any licensor of Juniper whose software is embedded in the Software and any supplier of Juniper whose productsor technology are embedded in (or services are accessed by) the Software shall be a third party beneficiary with respect to this Agreement,and such licensor or vendor shall have the right to enforce this Agreement in its own name as if it were Juniper. In addition, certain third partysoftware may be provided with the Software and is subject to the accompanying license(s), if any, of its respective owner(s). To the extentportions of the Software are distributed under and subject to open source licenses obligating Juniper to make the source code for suchportions publicly available (such as the GNU General Public License (“GPL”) or the GNU Library General Public License (“LGPL”)), Juniperwill make such source code portions (including Juniper modifications, as appropriate) available upon request for a period of up to threeyears from the date of distribution. Such request can be made in writing to Juniper Networks, Inc., 1194 N. Mathilda Ave., Sunnyvale, CA
94089, ATTN: General Counsel. You may obtain a copy of the GPL at http://www.gnu.org/licenses/gpl.html, and a copy of the LGPL
at http://www.gnu.org/licenses/lgpl.html .
15. Miscellaneous. This Agreement shall be governed by the laws of the State of California without reference to its conflicts of lawsprinciples. The provisions of the U.N. Convention for the International Sale of Goods shall not apply to this Agreement. For any disputesarising under this Agreement, the Parties hereby consent to the personal and exclusive jurisdiction of, and venue in, the state and federalcourts within Santa Clara County, California. This Agreement constitutes the entire and sole agreement between Juniper and the Customerwith respect to the Software, and supersedes all prior and contemporaneous agreements relating to the Software, whether oral or written(including any inconsistent terms contained in a purchase order), except that the terms of a separate written agreement executed by anauthorized Juniper representative and Customer shall govern to the extent such terms are inconsistent or conflict with terms containedherein. No modification to this Agreement nor any waiver of any rights hereunder shall be effective unless expressly assented to in writingby the party to be charged. If any portion of this Agreement is held invalid, the Parties agree that such invalidity shall not affect the validityof the remainder of this Agreement. This Agreement and associated documentation has been written in the English language, and theParties agree that the English version will govern. (For Canada: Les parties aux présentés confirment leur volonté que cette convention demême que tous les documents y compris tout avis qui s'y rattaché, soient redigés en langue anglaise. (Translation: The parties confirm thatthis Agreement and all related documentation is and will be in the English language)).
vCopyright © 2010, Juniper Networks, Inc.
Abbreviated Table of Contents
Front Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Part 1 Custom Sign-in Pages
Chapter 1 Custom sign-in pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Part 2 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
viiCopyright © 2010, Juniper Networks, Inc.
Table of Contents
Front Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Requesting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Self-Help Online Tools and Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Opening a Case with JTAC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Part 1 Custom Sign-in Pages
Chapter 1 Custom sign-in pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Downloadable Zip Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Adding Custom Help Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Using the Template Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
How Secure Access Uses the Template Toolkit . . . . . . . . . . . . . . . . . . . . . . . . 13
Testing Your Custom Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Understanding the Template Toolkit Language . . . . . . . . . . . . . . . . . . . . . . . . 16
Template Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
Accessing and Updating Variables and Files . . . . . . . . . . . . . . . . . . . . . . . . . . 18
GET Directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
SET Directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
getText Directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Creating Conditional Statements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Conditional Operators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
IF and ELSIF Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
SWITCH and CASE Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Creating Looping Constructs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Unsupported Directives . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Getting Familiar with the Template Page Structure . . . . . . . . . . . . . . . . . . . . 24
CGI Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Using Templates from the samples.zip File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Customizing Look-and-Feel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Required Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Displaying Custom Logos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Simplifying the Code in the Sample Templates . . . . . . . . . . . . . . . . . . . . . . . . 27
Version Directive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Comment Section . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Header Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Copyright and Footer Tags . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Page Banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Processing LoginPage.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
ixCopyright © 2010, Juniper Networks, Inc.
Using Cascading Style Sheets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Embedding CSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Attaching a Standalone CSS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Working with Standalone Network Connect . . . . . . . . . . . . . . . . . . . . . . . . . . 38
Customizing Error Handling and Navigation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Redirecting Based on Any and All Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Redirecting Based on Specific Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Defining Error Message Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Customizing Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Localizing Custom Sign-In Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
Creating a Localized Set of Custom Sign-In Pages . . . . . . . . . . . . . . . . . . . . . 41
Upgrade Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Custom Templates Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
<failedPolicy> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
<failedPolicy>.name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
<failedPolicy>.remediation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
activex_ini . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
AnonymousAuthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
applet_ini . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
appstr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
authenticate() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
autocomplete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Cancel.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Cancel-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
cboxuser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
ccInAcTimeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
ccRunning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
cert_md5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
CertificateAuthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
changePasswordTitle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
checkActiveX() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
color . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Continue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
cval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Defender.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Defender-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
delivery_mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
DoUnload() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ExceededConcurrent.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
ExceededConcurrent-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
expired . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
FILTER verbatim . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
FinishLoad() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
focus . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
FriendlyTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
frmCasque . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
frmLogin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Copyright © 2010, Juniper Networks, Inc.x
SA Series Custom Sign-in Pages
frmNextToken . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
frmSelectRoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
g_time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
gCancelNewPinMode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
gCancelNextTokenMode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
geckoBrowser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
GeneratePin.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
GeneratePin-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
GetCookieValue() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
grab() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
GraceLoginsRemaining . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
GraceLoginUsed.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
GraceLoginUsed-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
HC_REMED_POLICIES_CHECK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
HC_REMED_SHOW_ADV_PREFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68
hcInAcTimeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
hcRunning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
heading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
help_on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
HideRemed( ) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Home . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
ie . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
ie_winxp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
instanceId . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
isLinux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
isSAMEnabled . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
keyboard.js . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
labelInstructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
listFailedPolicies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
loading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
loginmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Login() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
LoginMeeting.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
LoginPage.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
LoginPage-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
LoginPageErrorArgs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
LoginPageErrorCode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
LoginPageErrorMessage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
login_required . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Logout.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Logout-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
MeetingAppletInstaller.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
MeetingRun.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
MeetingRunJava.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
meetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
xiCopyright © 2010, Juniper Networks, Inc.
Table of Contents
MeetingSelect.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
MeetingTestJava.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
MeetingTestJS.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
MeetingTestMSJava.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
MeetingTestResult.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
MeetingTrouble.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91
message . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
mid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
mid_param . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
midStr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
MinimumPasswordLength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
msg . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94
nc_logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
ncp_read_timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
netacekey . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
netesecid_key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
netesecid_loginmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96
netesecid_pinerr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
netesecid_realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
netesecid_username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
netesecidactionCancel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
netesecidactionEnter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98
Netscape4xx . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
NewPin.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
NewPin-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
NextToken.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
NextToken-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
occurrence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
onsubmit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
p . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
PageErrorArgs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
PageErrorCode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
params . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
password2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
PasswordChange.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
PasswordChange-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
PasswordComplexityMessage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
PasswordExpiration.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
PasswordExpiration-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
PasswordExpirationFriendlyTime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
PasswordExpirationSeconds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
PasswordHistoryLength . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
pleasewait . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
PleaseWait.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
PleaseWait-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 111
pleasewaitLogoutJSCode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
PleaseWaitObjectCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
Copyright © 2010, Juniper Networks, Inc.xii
SA Series Custom Sign-in Pages
PleaseWaitObjectHC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
pleasewaitWin32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
plugintype . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
prompts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
realm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
RealmList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
recallLastRealmUsed() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118
redirect() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Remediate.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
Remediate-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
remedy1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
remedy2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
RoleList . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121
rows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
runOnLoad . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
safari . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
secid_challenge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
secidcontextid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
secid_contextid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
secid_loginmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
secid_pinerr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
secid_pinformat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
secid_pinselectmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
secid_systempin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
secid_username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
secidactionSavePin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
secidpinformat . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
secidpinselectmode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
SecondaryLoginPage.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
SecondaryLoginPage-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
SelectRole.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
SelectRole-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
setFailed() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
setFinished . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 130
SetLastRealm() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
setStarted() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
setSucceeded() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
setthankyou() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
setup_classid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
setup_codebase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
Setupappversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 133
setup_codebase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
showButtons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 134
showChangePasswordTitle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
showClose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
showContinue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
showHeading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
xiiiCopyright © 2010, Juniper Networks, Inc.
Table of Contents
showLoading . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
showRemedOption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
showPolicies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
ShowSystemPin.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
ShowSystemPin-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
showTryAgain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
signinAgain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
signInLink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
SM-NewPinSelect.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
SM-NewPinSelect-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
SM-NewPinSystem.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140
SM-NewPinSystem-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
SM-NewUserPin.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
SM-NewUserPin-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
SM-NextToken.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
SM-NextToken-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
softid_error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
softid_time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
SSL.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
SSL-ppc.thtml . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144
Start_onclick() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
Start_onclick_java() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145
start_status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
StartCC() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
StartHC() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
startPageLink . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
startSessionReDir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
stopComponents() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148
SubmitClicked() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
submitFrmCasque() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
testjava_ini . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
textClose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
textContinue . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
textRemedOption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
textTryAgain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
thankyou() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
TryAgain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
tz_offset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
uninstall_action . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Uninstall_applet() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Uninstall_onclick() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
uninstallReDir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
UninstallCC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
upAndRunning() . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
warnings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Copyright © 2010, Juniper Networks, Inc.xiv
SA Series Custom Sign-in Pages
welcome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
win32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
Part 2 Index
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163
xvCopyright © 2010, Juniper Networks, Inc.
Table of Contents
List of Tables
Front Part . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Table 1: Notice Icons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xix
Part 1 Custom Sign-in Pages
Chapter 1 Custom sign-in pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Table 2: Required Templates in Each Zip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Table 3: English Values of Common Variables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Table 4: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Table 5: PIN usage indicators . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Table 6: Login Error Messages, Codes, and Related Notes . . . . . . . . . . . . . . . . . . . 81
Table 7: Additional Login Error Messages and Codes . . . . . . . . . . . . . . . . . . . . . . . 86
Table 8: PIN Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
Table 9: Additional PIN Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Table 10: PIN Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
Table 11: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Table 12: Page Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Table 13: New PIN Assignment Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Table 14: New PIN Assignment Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
xviiCopyright © 2010, Juniper Networks, Inc.
Front Part
• Related Documentation on page xix
• Document Conventions on page xix
• Requesting Technical Support on page xx
Related Documentation
• To download a PDF version of the Secure Access Administration Guide, go to the Secure
Access/SSL VPN Product Documentation page of the Juniper Networks Customer
Support Center.
• For information about the changes that Secure Access clients make to client computers,
including installed files and registry changes, and for information about the rights
required to install and run Secure Access clients, refer to the Client-side Changes Guide.
• For information on how to develop Web applications that are compliant with the Secure
Access Content Intermediation Engine, refer to the Content Intermediation Engine Best
Practices Guide.
Document Conventions
Table 1 on page xix defines notice icons used in this guide.
Table 1: Notice Icons
DescriptionMeaningIcon
Indicates important features or instructions.Informational note
Indicates a situation that might result in loss of data or hardware damage.Caution
Alerts you to the risk of personal injury or death.Warning
Alerts you to the risk of personal injury from a laser.Laser warning
xixCopyright © 2010, Juniper Networks, Inc.
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or JNASC support contract,
or are covered under warranty, and need post-sales technical support, you can access
our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
http://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf .
• Product warranties—For product warranty information, visit
http://www.juniper.net/support/warranty/ .
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: http://www.juniper.net/customers/support/
• Search for known bugs: http://www2.juniper.net/kb/
• Find product documentation: http://www.juniper.net/techpubs/
• Find solutions and answer questions using our Knowledge Base: http://kb.juniper.net/
• Download the latest versions of software and review release notes:
http://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://www.juniper.net/alerts/
• Join and participate in the Juniper Networks Community Forum:
http://www.juniper.net/company/communities/
• Open a case online in the CSC Case Management tool: http://www.juniper.net/cm/
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://tools.juniper.net/SerialNumberEntitlementSearch/
Opening a Casewith JTAC
You can open a case with JTAC on the Web or by telephone.
• Use the Case Management tool in the CSC at http://www.juniper.net/cm/ .
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
http://www.juniper.net/support/requesting-support.html .
Copyright © 2010, Juniper Networks, Inc.xx
SA Series Custom Sign-in Pages
PART 1
Custom Sign-in Pages
• Custom sign-in pages on page 3
1Copyright © 2010, Juniper Networks, Inc.
CHAPTER 1
Custom sign-in pages
The customizable sign-in pages feature enables you to personalize the look-and-feel of
the pre-authentication, password management, and Secure Meeting pages that Secure
Access presents to administrators and end-users. The tasks you can accomplish include:
• Customizing the presentation style using CSS or table-based design
• Customizing error message text
• Redirecting traffic to non-Secure Access pages based on error codes
• Localizing custom sign-in pages in supported languages
• Adding custom HTML help
Secure Access ships with several complete sets of sample custom sign-in pages that
you can modify to suit your particular look-and-feel and behavior. You can download
these files from Secure Access. This document describes the files, their uses, and how
to modify them. Secure Access contains these files in .zip file format. You can download
the zip files from the Authentication > Signing In > Sign-in pages > Upload customsign-in pages page.
You can achieve a good understanding of the process of modifying and uploading your
custom sign-in pages by reading through this document completely before attempting
to perform the customization. When you feel you have a comprehensive understanding
of what is involved, you should consider downloading the samples.zip file and modifying
one or two pages first, just to test your understanding. There is a strong likelihood that
you will want to apply a similar look and feel to all of the pages, which you can accomplish
fairly simply, if you follow the directions provided in this document. Other tasks, such as
redirecting traffic based on errors may require more skill and time.
Custom sign-in pages can potentially require a large amount of memory and disk space.
In order to provide custom sign-in pages per IVS, we recommend you customize the
sample custom sign-in pages provided with Secure Access.
You can find the following topics in this document:
• Downloadable Zip Files on page 10
• Adding Custom Help Files on page 13
• Using the Template Toolkit on page 13
3Copyright © 2010, Juniper Networks, Inc.
• Using Templates from the samples.zip File on page 25
• Customizing Error Handling and Navigation on page 39
• Localizing Custom Sign-In Pages on page 40
• Upgrade Considerations on page 41
• Custom Templates Reference on page 42
• <failedPolicy> on page 43
• <failedPolicy>.name on page 43
• <failedPolicy>.remediation on page 44
• action on page 44
• activex_ini on page 44
• AnonymousAuthentication on page 45
• applet_ini on page 45
• appstr on page 46
• authenticate() on page 46
• autocomplete on page 48
• Cancel.thtml on page 49
• Cancel-ppc.thtml on page 49
• cboxuser on page 49
• ccInAcTimeout on page 50
• ccRunning on page 50
• cert_md5 on page 51
• CertificateAuthentication on page 51
• changePasswordTitle on page 52
• check on page 52
• checkActiveX() on page 53
• color on page 54
• Continue on page 55
• cval on page 55
• Defender.thtml on page 56
• Defender-ppc.thtml on page 56
• delivery_mode on page 56
• DoUnload() on page 57
• ExceededConcurrent.thtml on page 57
• ExceededConcurrent-ppc.thtml on page 58
• expired on page 58
• FILTER verbatim on page 59
• FinishLoad() on page 59
Copyright © 2010, Juniper Networks, Inc.4
SA Series Custom Sign-in Pages
• focus on page 60
• FriendlyTime on page 61
• frmCasque on page 61
• frmLogin on page 61
• frmNextToken on page 62
• frmSelectRoles on page 62
• g_time on page 63
• gCancelNewPinMode on page 63
• gCancelNextTokenMode on page 63
• geckoBrowser on page 64
• GeneratePin.thtml on page 64
• GeneratePin-ppc.thtml on page 65
• GetCookieValue() on page 65
• grab() on page 66
• GraceLoginsRemaining on page 67
• GraceLoginUsed.thtml on page 67
• GraceLoginUsed-ppc.thtml on page 68
• HC_REMED_POLICIES_CHECK on page 68
• HC_REMED_SHOW_ADV_PREFS on page 68
• hcInAcTimeout on page 69
• hcRunning on page 69
• heading on page 70
• help on page 70
• help_on on page 71
• HideRemed( ) on page 71
• Home on page 72
• ie on page 72
• ie_winxp on page 72
• install on page 73
• instanceId on page 73
• instructions on page 73
• isLinux on page 74
• isSAMEnabled on page 74
• keyboard.js on page 75
• labelInstructions on page 75
• listFailedPolicies on page 76
• loading on page 76
5Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• locale on page 76
• loginmode on page 77
• Login() on page 77
• LoginMeeting.thtml on page 78
• LoginPage.thtml on page 79
• LoginPage-ppc.thtml on page 80
• LoginPageErrorArgs on page 80
• LoginPageErrorCode on page 81
• LoginPageErrorMessage on page 84
• login_required on page 84
• Logout.thtml on page 85
• Logout-ppc.thtml on page 86
• MeetingAppletInstaller.thtml on page 87
• MeetingRun.thtml on page 88
• MeetingRunJava.thtml on page 88
• meetings on page 89
• MeetingSelect.thtml on page 89
• MeetingTestJava.thtml on page 90
• MeetingTestJS.thtml on page 90
• MeetingTestMSJava.thtml on page 91
• MeetingTestResult.thtml on page 91
• MeetingTrouble.thtml on page 91
• message on page 92
• mid on page 92
• mid_param on page 93
• midStr on page 93
• MinimumPasswordLength on page 94
• msg on page 94
• nc_logging on page 95
• ncp_read_timeout on page 95
• netacekey on page 95
• netesecid_key on page 96
• netesecid_loginmode on page 96
• netesecid_pinerr on page 97
• netesecid_realm on page 97
• netesecid_username on page 98
• netesecidactionCancel on page 98
Copyright © 2010, Juniper Networks, Inc.6
SA Series Custom Sign-in Pages
• netesecidactionEnter on page 98
• Netscape4xx on page 99
• NewPin.thtml on page 99
• NewPin-ppc.thtml on page 100
• NextToken.thtml on page 101
• NextToken-ppc.thtml on page 101
• occurrence on page 102
• onsubmit on page 102
• p on page 103
• PageErrorArgs on page 103
• PageErrorCode on page 103
• params on page 105
• password on page 105
• password on page 106
• password2 on page 106
• PasswordChange.thtml on page 107
• PasswordChange-ppc.thtml on page 107
• PasswordComplexityMessage on page 108
• PasswordExpiration.thtml on page 108
• PasswordExpiration-ppc.thtml on page 109
• PasswordExpirationFriendlyTime on page 109
• PasswordExpirationSeconds on page 109
• PasswordHistoryLength on page 110
• pleasewait on page 110
• PleaseWait.thtml on page 111
• PleaseWait-ppc.thtml on page 111
• pleasewaitLogoutJSCode on page 112
• PleaseWaitObjectCC on page 113
• PleaseWaitObjectHC on page 113
• pleasewaitWin32 on page 114
• plugintype on page 114
• portal on page 115
• prompts on page 115
• realm on page 116
• realm on page 117
• RealmList on page 117
• recallLastRealmUsed() on page 118
7Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• redirect() on page 119
• Remediate.thtml on page 119
• Remediate-ppc.thtml on page 120
• remedy1 on page 121
• remedy2 on page 121
• RoleList on page 121
• rows on page 122
• runOnLoad on page 122
• safari on page 123
• secid_challenge on page 123
• secidcontextid on page 123
• secid_contextid on page 124
• secid_loginmode on page 124
• secid_pinerr on page 125
• secid_pinformat on page 125
• secid_pinselectmode on page 126
• secid_systempin on page 126
• secid_username on page 126
• secidactionSavePin on page 127
• secidpinformat on page 127
• secidpinselectmode on page 128
• SecondaryLoginPage.thtml on page 128
• SecondaryLoginPage-ppc.thtml on page 128
• SelectRole.thtml on page 129
• SelectRole-ppc.thtml on page 129
• setFailed() on page 130
• setFinished on page 130
• SetLastRealm() on page 131
• setStarted() on page 131
• setSucceeded() on page 132
• setthankyou() on page 132
• setup_classid on page 132
• setup_codebase on page 133
• Setupappversion on page 133
• setup_codebase on page 134
• showButtons on page 134
• showChangePasswordTitle on page 135
Copyright © 2010, Juniper Networks, Inc.8
SA Series Custom Sign-in Pages
• showClose on page 135
• showContinue on page 136
• showHeading on page 136
• showLoading on page 137
• showRemedOption on page 137
• showPolicies on page 137
• ShowSystemPin.thtml on page 138
• ShowSystemPin-ppc.thtml on page 138
• showTryAgain on page 138
• signinAgain on page 139
• signInLink on page 139
• SM-NewPinSelect.thtml on page 140
• SM-NewPinSelect-ppc.thtml on page 140
• SM-NewPinSystem.thtml on page 140
• SM-NewPinSystem-ppc.thtml on page 141
• SM-NewUserPin.thtml on page 141
• SM-NewUserPin-ppc.thtml on page 142
• SM-NextToken.thtml on page 142
• SM-NextToken-ppc.thtml on page 143
• softid_error on page 143
• softid_time on page 144
• SSL.thtml on page 144
• SSL-ppc.thtml on page 144
• Start_onclick() on page 145
• Start_onclick_java() on page 145
• start_status on page 146
• StartCC() on page 146
• StartHC() on page 147
• started on page 147
• startPageLink on page 147
• startSessionReDir on page 148
• stopComponents() on page 148
• SubmitClicked() on page 149
• submitFrmCasque() on page 149
• testjava_ini on page 150
• textClose on page 150
• textContinue on page 151
9Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• textRemedOption on page 151
• textTryAgain on page 152
• thankyou() on page 152
• troubleshooting on page 153
• TryAgain on page 153
• type on page 154
• tz_offset on page 154
• uninstall_action on page 155
• Uninstall_applet() on page 155
• Uninstall_onclick() on page 156
• uninstallReDir on page 156
• UninstallCC on page 156
• upAndRunning() on page 157
• username on page 157
• warnings on page 158
• welcome on page 158
• win32 on page 158
Downloadable Zip Files
Although each zip file contains all the templates, each zip file is for a particular set of
features:
• Sample.zip—This zip file is for standard Secure Access pages, including standard
Secure Access pre-authentication pages, ACE pre-authentication pages, ACE
pre-authentication pages for use with eTrust SiteMinder, and password management
pages.
• SoftID.zip—This zip file is for use with the RSA Soft ID client.
• Kiosk.zip—This zip file is for use by kiosk users or for any system in which you want to
lock out keyboard-based login.
• Meeting.zip—This zip file is for pre-authentication and post-authentication pages for
use by Secure Meeting attendees.
Copyright © 2010, Juniper Networks, Inc.10
SA Series Custom Sign-in Pages
NOTE: Youmay customize all the pages listed here for Pocket PC—the Pocket PCtemplates are identical to the other templates contained in this zip file, except thatthey are customized for a smaller viewing area and you are not required to add any ofthem to the zip file. All Pocket PC templates use the same names as their full screencounterparts, except that “ppc” is added to their filenames. For example, the full screen
sign-inpage template isnamedLoginPage.thtmland itsPocketPCcounterpart isnamed
LoginPage-ppc.thtml. For information about a Pocket PC template, see the section
about its corresponding full screen template.
Certain templates are required when uploading the zip files. If you do not include these
required templates, a warning message appears. “Custom sign-in pages” on page 3 lists
the required templates for each zip file.
Table 2: Required Templates in Each Zip
Meeting.zipSoftID.zip(ACE)Kiosk.zipSamples.zip
RRRCancel.thtml
RDefender.thtml
Rds.css
RRRExceededConcurrent.thtml
RRRGeneratePin.thtml
RGeneratePin-ppc.thtml
RGraceLoginUsed.thtml
Rkeyboard.js
RLoginMeeting.thtml
RRRLoginPage.thtml
RLoginPage-ppc.thtml
RRRLogout.thtml
RMeetingAppletInstaller.thtml
RMeetingRun.thtml
RMeetingRunJava.thtml
11Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Table 2: Required Templates in Each Zip (continued)
Meeting.zipSoftID.zip(ACE)Kiosk.zipSamples.zip
RMeetingSelect.thtml
RMeetingTestJava.thtml
RMeetingTestJS.thtml
RMeetingTestMSJava.thtml
RMeetingTestResult.thtml
RMeetingTrouble.thtml
RRRNewPin.thtml
RRRNextToken.thtml
RnextToken-ppc.thtml
RPasswordChange.thtml
RPasswordExpiration.thtml
RRRPleaseWait.thtml
RPleaseWait-ppc.thtml
RRRemediate.thtml
RRRemediate-ppc.thtml
RSecondaryLoginPage.thtml
RRSelectRole.thtml
RRShowSystemPin.thtml
RShowSystemPin-ppc.thtml
RSM-NewPinSelect.thtml
RSM-NewPinSystem.thtml
RSM-NewUserPin.thtml
RSM-NextToken.thtml
Copyright © 2010, Juniper Networks, Inc.12
SA Series Custom Sign-in Pages
Table 2: Required Templates in Each Zip (continued)
Meeting.zipSoftID.zip(ACE)Kiosk.zipSamples.zip
RRRSSL.thtml
NOTE: Table 2 on page 11 does not include the Pocket PC templates. The Pocket PCtemplates follow the same distribution as their counterparts as listed in Table 2 onpage 11.
To customize Secure Access pages, you must use the Template Toolkit language. For
more information, see “Understanding the Template Toolkit Language” on page 16.
For information on how to internationalize custom sign-in pages, see “Localizing Custom
Sign-In Pages” on page 40.
Adding CustomHelp Files
You can add custom help files by creating your own HTML help files and linking them to
the custom sign-in pages. You can easily add links to the basic HTML in the custom sign-in
pages.
If you add customized online Help to your custom sign-in pages, you must set the
destination URL to point to a .html file, not a .thtml file. For example, in the following
input statement, the help file, help.html, should not have a .thtml extension:
<input type='submit' name='help' value="Help"onclick='window.open("=<%Home%>/imgs/help.html","wndHelp","height=400,width=500,resizeable=yes,scrollbars=yes");return false;'>
If you use the .thtml extension, theHelp link on the custom sign-in page returns an error.
Using the Template Toolkit
The Template Toolkit is an open source software package written in Perl, that enables
you to build and replicate Web pages using a special-purpose language. The Template
Toolkit language is simple and easy to learn.
HowSecure Access Uses the Template Toolkit
Secure Access system software recognizes the Template Toolkit directives and is
pre-configured to process templates. Secure Access processes templates into .html files,
which it then displays as administrator Web console pages or as end-user Web pages.
You cannot change all of the generated Web pages, but you can customize the ones
noted in this topic. You can also modify a variety of presentation items on theUIOptionspage in the administrative Web console.
13Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
The Template Toolkit processing utilities transform template source files into complete
HTML files. The source files are a combination of HTML and Template Toolkit directives.
The source files carry a user-defined extension, but Secure Access recognizes the file
extension of .thtml. Processed files typically carry a .html file extension.
NOTE: When creating customized sign-in pages, save them as UTF-i.
Testing Your CustomPages
There are two ways to test your custom pages:
• Using the Template Toolkit utilities you have installed locally.
• Uploading customized files to Secure Access.
If you are customizing just one or two of the sample template files, you might find it
easiest to upload the files to Secure Access. If you do not have access to a test system,
or if you are customizing many of the sample template files or making significant changes
to those files, you may want to install and configure the Template Toolkit on your local
machine.
Setting up the Template Toolkit Locally
You can install the Template Toolkit on your local system. Because it is a Perl application,
you need a Perl distribution on your system before you install the Template Toolkit. If
you run a Linux or Mac OS X system, you probably already have a Perl distribution on
your system. If you run a Windows system, you may need to install the ActiveState
ActivePerl distribution, which you can find at http://www.activestate.com/.
If you prefer, you can install Cygwin, which allows you to run UNIX programs in a virtual
environment on your Windows system. You can download Cygwin from
http://sourceware.org/cygwin/.
It is likely that you will need to download the latest version of the Perl AppConfig module,
which allows your Perl applications to read and process configuration files. You can find
the latest version of AppConfig athttp://www.cpan.org/modules/by-module/AppConfig/.
You can find a gzip-tar archive of the latest version of the Template Toolkit at
http://www.cpan.org/modules/by-module/Template/.
Follow these steps:
1. Download, install, and configure Perl, ActivePerl, or Cygwin, depending on the type
of operating system you are running, and your personal requirements.
2. Download, install, and configure AppConfig.
3. Download, install, and configure the Template Toolkit.
Copyright © 2010, Juniper Networks, Inc.14
SA Series Custom Sign-in Pages
NOTE: The Template Toolkit distribution includes a number of useful documents. Youshould print the INSTALL document and read it closely. Youmust perform a numberof configuration steps as detailed in the INSTALL document. If you try to perform thesteps as described in INSTALL, but have not performed the requisite configuration, theinstallation fails. Fortunately, you can go back and perform the configuration steps youmissed or performed incorrectly, and try to install again, until the installation succeeds.
After you have successfully installed and configured the Template Toolkit, you can
generate HTML files from the sample templates that are available on Secure Access.
Secure Access is pre-configured to process Template Toolkit files and many of the Secure
Access components are not available on your local system. Therefore, you are unable
to run the Template Toolkit in exactly the same way or to obtain the same exact results.
However, you can simulate the processing closely enough to test the presentation. You
will encounter the following limitations:
• You can only test the presentation of the sample templates on your local system. You
cannot test the actual pre-authentication logic unless you upload the files to a Secure
Access system.
• You must do one of the following:
• Use the Template Toolkit [%TAGS%] directive to change any new directives so
that they use the angle bracket tokens<%%>) used in the Juniper Networks sample
templates.
• Use the standard Template Toolkit tokens ([%%]) and when satisfied with the
presentation, modify them to angle bracket tokens (<%%>) before uploading to
Secure Access.
• The Template Toolkit provides two command-line utilities for processing template
files: tpage, which enables you to process a single template at a time, and ttree,
which enables you to process an entire directory of template files. Although you can
use the ttree utility, Secure Access uses a proprietary process that simulates the
tpage utility, and so, you may find your final results more effective by using tpage
only.
Downloading Sample Templates and Uploading Files to Secure Access
Your other option for testing customized template files is to upload the files to Secure
Access. Although this may be a bit tedious, if you are only customizing a handful of pages,
you might find it easier than setting up the Template Toolkit environment on your local
system.
NOTE: The total combined size of all uploaded customizable zip files can not exceed12MB.
To make sure you can view the customized pages, you must perform these procedures.
To download the sample templates:
15Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
1. Sign in to Secure Access as an administrator.
2. Select Signing In > Sign In > Sign-in pages.
3. ClickUpload CustomPages.
4. Download one or more of the sample template files.
5. Unzip the files on your local system.
To customize and upload the new templates:
1. Customize the files, as you like.
2. Add the files to a new zip file.
NOTE: When creating your zip file, zip only the template files. Do not include the folderthat contains the templates in the zip file.
3. On theUpload CustomSign-In Pages page, enter a name for the template files.
This is a label that is used to identify the pages when you associate them with a
specific URL.
4. Select the page type.
5. Click Browse to locate the new zip file containing your customized files.
6. ClickUpload CustomPages.
If you want your end-users to be able to see the new templates, you need to associate
the templates, using the label you assigned to them, with a URL that you specify for a
given role.
To associate the templates with a role-specific URL:
1. Select Signing In > Sign-in > Sign-in Policies.
2. ClickNewURL.
3. Configure the new policy and URL, using the sign-in policies instructions in theSecure
Access Administration Guide.
4. Configure the new policy and URL, using the sign-in policies instructions in the Unified
Access Control Administration GuideSelect the label you assigned to the templates,
when you select the sign-in page from the drop down menu.
5. Click Save Changes.
To test your customized pages iteratively, you need to cycle through the preceding
procedures to upload and associate a URL. You only need to download the templates
once.
Understanding the Template Toolkit Language
This section includes an abbreviated description of the Template Toolkit language for
Secure Access users. The section describes the most common directives and operators
Copyright © 2010, Juniper Networks, Inc.16
SA Series Custom Sign-in Pages
that designers may want to use when creating a customized page for Secure Access.
Although the Template Toolkit supports many powerful constructs, such as simple and
complex datatypes, virtual methods, and interfaces to database systems, the custom
sign-in pages use only a limited set of the Toolkit capabilities.
You can use the Template Toolkit for many applications that are far beyond the scope
of this discussion. For complete information about the Template Toolkit, go to
http://www.template-toolkit.org.
A Web page created with the Template Toolkit resembles a standard Web page. It can
include HTML, XML, and JavaScript. Unlike a standard Web page, however, it can also
include Template Toolkit directives, which you can use to add dynamic behavior to your
pages.
A directive is a simple instruction that tells the template processor to perform an action
and substitute the result into the document in place of the original directive. You can use
directives for many purposes, such as iterating through a list of values (FOREACH),
creating conditional statements (IF/UNLESS/ELSE), or including and processing another
template file ( PROCESS/INCLUDE).
When using directives in your code, note that:
• Directives are case-sensitive and all UPPER CASE.
• You must insert directives within the markup tags '<%' and '%>'.
NOTE: TheTemplateToolkitdocumentation includesexamplesofusingsquarebrackettags ([%%]) tomark directives. Secure Access only supports angle bracket markup
tags (<%%>).
• You can embed directives anywhere in a line of text.
• You can split directives across several lines.
• You can use the # character to indicate comments within a directive. The Template
Toolkit language ignores characters after the # character. For more information on
different types of comments, see “Template Comments” on page 18.
• The Template Toolkit language generally ignores insignificant white space within the
directive.
In addition to directives, you can also use the Template Toolkit language to include loops,
conditionals, variable substitutions, and other template files in your page.
The following sections describe common Template Toolkit tasks, directives, and
operations you may want to use in your customized pages:
• “Accessing and Updating Variables and Files” on page 18
• “GET Directive” on page 18
• “SET Directive” on page 18
• “Creating Conditional Statements” on page 22
17Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
“Conditional Operators” on page 22•
• “IF and ELSIF Directives” on page 23
• “SWITCH and CASE Directives” on page 23
• “Creating Looping Constructs” on page 24
• “Unsupported Directives” on page 24
For information about additional directives that you may use within the Template Toolkit
language, such as PROCESS , INCLUDE , and INSERT , see the Template Toolkit
documentation, available at http://www.template-toolkit.org.
Template Comments
You can include template comments by adding a # sign to the directive tag, as follows:
<%#This is a commentthat comments out allof the lines that follow.
%>
You can include a single-line comment by leaving a space between the tag and the #
sign, as follows:
<%#This is the first line comment, but the next line is not commented.IF foo...# This is another single-line comment.
%>
Accessing and Updating Variables and Files
GET Directive
The GET directive retrieves and outputs the value of the named variable.
<%GET foo%>
The GET keyword is optional. A variable can be specified in a directive tag by itself.
<% foo%>
SET Directive
The SET directive allows you to assign a value to existing variables or create new
temporary variables.
<%SET title = 'HelloWorld'%>
The SET keyword is optional.
Copyright © 2010, Juniper Networks, Inc.18
SA Series Custom Sign-in Pages
<% title = 'HelloWorld'%>
getText Directive
Used for multi-lingual support, the getText directive retrieves and outputs the localized
value of the named variable.
<%getText foo%>
Table 3 on page 19 lists some of common variables used in the templates and their
English values.
Table 3: English Values of Common Variables
English DefinitionVariable
Confirm PIN:I18N_ACE_CONFIRM_PIN_COLON
Generate New PIN?I18N_ACE_GEN_NEW_PIN
Generate PINI18N_ACE_GEN_PIN
The system will now generate a PIN for you.Make sure that no one else can see yourscreen and then click Generate PIN tocontinue.
I18N_ACE_GEN_PIN_MESSAGE1
Invalid PIN FormatI18N_ACE_INVALID_PIN_FORMAT
Invalid PIN LengthI18N_ACE_INVALID_PIN_LENGTH
New PIN:I18N_ACE_NEW_PIN_COLON
New PIN GeneratedI18N_ACE_NEW_PIN_GENERATED
Your new PIN isI18N_ACE_NEW_PIN_GENERATED_MESSAGE1
Be sure to remember it, because you needyour PIN each time you sign in. When you havememorized it, click Continue to return to thesign-in page.
I18N_ACE_NEW_PIN_GENERATED_MESSAGE2
You must create a new Personal IdentificationNumber (PIN) before you can sign in.
I18N_ACE_NEW_PIN_MESSAGE0
Your PIN should beI18N_ACE_NEW_PIN_MESSAGE1
long.I18N_ACE_NEW_PIN_MESSAGE2
Be sure to remember your PIN, because youneed it to sign in.
I18N_ACE_NEW_PIN_MESSAGE3
If you prefer, the system canI18N_ACE_NEW_PIN_MESSAGE4
19Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Table 3: English Values of Common Variables (continued)
English DefinitionVariable
generate a PINI18N_ACE_NEW_PIN_MESSAGE5
for you. Generated PINs are typically moresecure.
I18N_ACE_NEW_PIN_MESSAGE6
If you decide not to create a new PIN now,click Cancel.
I18N_ACE_NEW_PIN_MESSAGE7
New PIN RequiredI18N_ACE_NEW_PIN_REQUIRED
Your PIN should be %1 to %2 digits long.I18N_ACE_NEW_PIN_SIZE_MSG
Please enter an additional token code tocontinue.
I18N_ACE_NEXT_TOKEN_MESSAGE1
The server requires that you enter anadditional token code to verify that yourcredentials are valid. To continue, wait for thetoken code to change and then enter the newcode in the SecurID Token Code field.
I18N_ACE_NEXT_TOKEN_MESSAGE2
Token Resync RequiredI18N_ACE_NEXT_TOKEN_REQUIRED
The Two PINs Entered Do Not MatchI18N_ACE_PIN_MISMATCH
Save PINI18N_ACE_SAVE_PIN
SecurID Token Code:I18N_ACE_TOKEN_CODE_COLON
CancelI18N_CANCEL
ClickI18N_CLICK
EnterI18N_ENTER
HereI18N_HERE
You must create a new Personal IdentificationNumber (PIN) before you can sign in.
I18N_NETEACE_NEW_PIN_MESSAGE1
Wait for the token code to change, and thenenter your current PIN* followed by the newtoken code in the SecurID Pass Code field. (Ifyou want the system to generate a new PINfor you, select the System PIN checkbox.)Click Enter to advance to the new PINassignment page.<br><br>*If youradministrator tells you that you no longerhave a PIN, enter only the new token code inthe Pass Code field.
I18N_NETEACE_NEW_PIN_MESSAGE2
Copyright © 2010, Juniper Networks, Inc.20
SA Series Custom Sign-in Pages
Table 3: English Values of Common Variables (continued)
English DefinitionVariable
New System PIN AssignmentI18N_NETEACE_NEW_SYSTEM_PIN
The system will now generate a PersonalIdentification Number (PIN) for you.
I18N_NETEACE_NEW_SYSTEM_PIN_MESSAGE1
Wait for the token code to change, and thenenter your current PIN* followed by the newtoken code in the SecurID Pass Code field.Make sure that no one else can see yourscreen and then click Generate PIN tocontinue.<br><br>*If your administrator tellsyou that you no longer have a PIN, enter onlythe new token code in the Pass Code field.
I18N_NETEACE_NEW_SYSTEM_PIN_MESSAGE2
New PIN AssignmentI18N_NETEACE_NEW_USER_PIN
Create your new Personal IdentificationNumber (PIN)
I18N_NETEACE_NEW_USER_PIN_MESSAGE1
Wait for the token code to change, and thenenter your current PIN* followed by the newtoken code in the SecurID Pass Code field.Then, enter your new PIN.<br><br>*If youradministrator tells you that you no longerhave a PIN, enter only the new token code inthe Pass Code field.
I18N_NETEACE_NEW_USER_PIN_MESSAGE2
Please enter additional token codes tocontinue.
I18N_NETEACE_NEXT_TOKEN_MESSAGE1
The server requires that you enter additionaltoken codes to verify that your credentials arevalid. To continue, wait for the token code tochange, and then enter your PIN followed bythe new token code in the SecurID Pass Codefield. Then, wait for the token code to changeagain and enter only the token code in theSecurID Token Code field.
I18N_NETEACE_NEXT_TOKEN_MESSAGE2
Token Resync RequiredI18N_NETEACE_NEXT_TOKEN_REQUIRED
SecurID Pass Code:I18N_NETEACE_PASS_CODE_COLON
System PINI18N_NETEACE_SYSTEM_PIN_REQUEST
SecurID Token Code:I18N_NETEACE_TOKEN_CODE_COLON
New PIN entered is invalid. Please wait for thetoken to change and try login again.
I18N_NEW_PIN_INVALID
to continueI18N_TO_CONTINUE
21Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Table 3: English Values of Common Variables (continued)
English DefinitionVariable
Username:I18N_USERNAME_COLON
If you want to customize a page to add your own message, edit the appropriate template
file and enter your custom message using HTML tags. Make sure you do not change any
of the surrounding logic. You can not edit the strings file(s) and change the value of the
I18N_* variables. For example, suppose the template file has the following code:
<TABLE border="0" cellspacing="0" cellpadding="0"><TR><TD><IMG border='0' src='/dana-na/imgs/loginfo.gif'
alt='Info' width='21' height='20'></TD><TD><B><%GetText('I18N_ACE_NEW_PIN_REQUIRED')%></B></TD>
</TR></TABLE>
To change the displayed message to “You must enter a new PIN number” instead of the
default message “ New PIN Required”, change the code as follows:
<TABLE border="0" cellspacing="0" cellpadding="0"><TR><TD><IMG border='0' src='/dana-na/imgs/loginfo.gif'
alt='Info' width='21' height='20'></TD><!--<TD><B><%GetText('I18N_ACE_NEW_PIN_GENERATED')
%></B></TD>--><TD><B>Youmust enter a new PIN number</B></TD>
</TR></TABLE>
Creating Conditional Statements
You can create conditional statements in the Template Toolkit language. Review the
sample templates to find some example conditional statements. One of the simplest
and most effective uses of conditional statements is in trapping error conditions.
For example, the following code snippet from the LoginPage.thtml template verifies the
current user’s account status:
<% IF AccountDisabled%><%LoginPageErrorMessage%>
<%ELSE%><% IF LoginPageErrorMessage%><%LoginPageErrorMessage%>
<%END%><%END%>
Conditional Operators
You can use the following conditional operators:
Copyright © 2010, Juniper Networks, Inc.22
SA Series Custom Sign-in Pages
Table 4:
DescriptionOperator
is equal to==
is not equal to!=
is less than<
is equal to or less than<=
is greater than>
is equal to or greater than>=
and&&
or||
not!
andand
oror
notnot
IF and ELSIF Directives
You can use the IFandELSIFdirectives to construct conditional behavior. Note that these
are block directives, which means that you must use the END directive to indicate where
each block ends. You may nest blocks indefinitely, provided you include an end statement
for each nested block.
<% IF LoginPageErrorCode == 1002%><b> Your username or password is incorrect. Please reenter your credentials.
</b><%ELSIF LoginPageErrorCode == 1006%><b> The system is undergoingmaintenance. Only administrators are allowed
to sign in at this time.</b><%END%>
SWITCH and CASE Directives
You may use the SWITCH and CASE directives to construct a multi-way conditional test.
Note that these are block directives, which means that you must use the END directive
to indicate where each block ends. You may nest blocks indefinitely, provided you include
an end statement for each nested block.
<%SWITCH loginPageErrorCode%><%CASE 1001%>
23Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
<b> Your session time has expired. </b><%CASE 1006%><b> The system is undergoingmaintenance. Only administrators are
permitted to sign in at this time. </b><%CASE%># default ...
<%END%>
Creating Looping Constructs
You may use directives such as FOREACH and WHILE to loop through blocks of code.
Note that these are block directives, which means that you must use the END directive
to indicate where each block ends. You may nest blocks indefinitely, provided you include
an end statement for each nested block.
For example, the following sign-in page code loops through all of the authentication
realms and displays them in a select list. The sample also uses the RealmList and realm
predefined Secure Access values.
<select size="1" name="realm"><%FOREACH r = RealmList%><option value=“<% r%>” ><% r%></option>
<%END%></select>
Unsupported Directives
Juniper does not support the USE, INTERPOLATE, TAGS, PERL, or RAWPERL directives
when creating Secure Access custom pages. Additionally, we do not recommend using
the CALL or FILTER directives.
Getting Familiar with the Template Page Structure
The sample templates were created using the common method of designing with HTML
tables. One of the easiest ways to see how the layout works is to set all of the table
borders to a visible state. For example, change<TABLEborder=”0”> to<TABLE border=”
1” > wherever you find it in the LoginPage.thtml template.
The table layout affords you a columnar layout. If you choose to maintain your customized
design within the table layout, you may need to experiment with additions or deletions
of table rows or cells. You can also change colors of cells, modify the locations of required
fields, messages, or UI components.
You must always maintain the Template Toolkit directives that are included in each of
the templates. These directives provide required information to Secure Access and enable
Secure Access to communicate system state back to the end-user, appropriately. Deleting
or modifying any of the provided directives can result in unexpected behavior or data
corruption.
CGI Files
Secure Access generates a number of CGI files, which are called by the custom sign-in
pages. Each file performs specific functions that are required by Secure Access. You
should not modify any of these calls nor should you attempt to create your own CGI files
Copyright © 2010, Juniper Networks, Inc.24
SA Series Custom Sign-in Pages
to take the place of the supplied CGIs. In particular, you may see a number of references
in the custom sign-in pages to the three following CGI files:
• login.cgi—Handles authentication request between custom pages, Secure Access,
and any defined authentication servers.
• welcome.cgi—Handles redirection following a secondary authentication request, a
password change, or new PIN generation.
• starter.cgi—Verifies that client applications are running and allows the user to attempt
another login, typically when too many users are concurrently signed in to Secure
Access.
Typically, in standard sign-in pages and sample custom pages the order of cgi usage is
welcome.cgi, login.cgi, and then welcome.cgi again. For Host Checker pre-authorization,
policies are evaluated in the first invocation of welcome.cgi and are passed to login.cgi.
login.cgi takes the username and password parameters and determines the roles to
assign. For Host Checker post-authorization, policies are evaluated only in the second
invocation of welcome.cgi.
NOTE: When Host Checker and Cache Cleaner are configured, using login.cgi as the
first URL to log in to Secure Access is not supported.
Using Templates from the samples.zip File
The samples.zip file contains the following templates which you can customize for use
in your own environment.Samples.zip contains the most general set of templates. Some
of the templates in samples.zip are also contained in kiosk.zip and softid.zip. All files in
meeting.zip are specific to the Secure Access Meeting product.
• The environment. Secure Access pre-authentication pages
• “Logout.thtml” on page 85
• “ExceededConcurrent.thtml” on page 57
• “SSL.thtml” on page 144
• “PleaseWait.thtml” on page 111
• “SelectRole.thtml” on page 129
• ACE pre-authentication pages
• “NewPin.thtml” on page 99
• “NextToken.thtml” on page 101
• “GeneratePin.thtml” on page 64
• “ShowSystemPin.thtml” on page 138
• ACE with eTrust pre-authentication pages
25Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• “SM-NewPinSelect.thtml” on page 140
• “SM-NewPinSystem.thtml” on page 140
• “SM-NewUserPin.thtml” on page 141
• “SM-NextToken.thtml” on page 142
• Password management pages
• “Defender.thtml” on page 56
• “GraceLoginUsed.thtml” on page 67
• “PasswordChange.thtml” on page 107
• “PasswordExpiration.thtml” on page 108
NOTE: Youmay customizemany of the pages listed here for Pocket PC—the PocketPC templates are identical to the other templates contained in this zip file, except thatthey are customized for a smaller viewing area and you are not required to add any ofthem to the zip file. All Pocket PC templates use the same names as their full screencounterparts, except that “ppc” is added to their filenames. For example, the full screen
sign-inpage template isnamedLoginPage.thtmland itsPocketPCcounterpart isnamed
LoginPage-ppc.thtml. For information about a Pocket PC template, see the section
about its corresponding full screen template.
Customizing Look-and-Feel
You can customize the look-and-feel of your custom sign-in pages. This enables you to
add your own corporate design, including logos, colors, and layout.
Required Components
You must include:
• Any template directives you find in the template files. This includes any code surrounded
with template tags <%%>.
• Required HTML tags, such as the <html>, <head>, and <body> tags, although these
may be consolidated into a separate template file which you can include using either
the PROCESS or INCLUDE directives.
• Any <form> definitions.
• Any <input> statements.
• Any <script> statements and included scripts, typically Javascript.
• Any <object> statements.
• Any <embed> statements.
Copyright © 2010, Juniper Networks, Inc.26
SA Series Custom Sign-in Pages
• Any onload, onUnload, or other event triggers in the <body> tag,
• Any of the required variables, directives, or other items as noted in the commented
section at the beginning of each template file.
You can exclude:
• Any HTML presentation code that is not a template directive, such as table tags, images,
or style tags.
Displaying Custom Logos
You can change the templates to display your company’s logo by following these steps:
1. Open the template in a text editor or HTML editor.
2. Search for either of the two strings:
src="welcome.cgi?p=logo&signinId=<%signinId%>"
src="welcome.cgi?=logo”
3. Replace the string with the following:
src="<% Home %>/imgs/custom-logo.gif
where custom-logo.gif is the new logo to be displayed. custom-logo.gif must be
uploaded to Secure Access as part of your zip file. For more information, see
“Downloading Sample Templates and Uploading Files to Secure Access” on page 15.
NOTE: For Remediate.thtml, use <%signinId%> instead. For example:
src="<% signinID%>/imgs/custom-logo.gif"
Simplifying the Code in the Sample Templates
One of the first things you can do is simplify the code in the templates, by using the
Template Toolkit PROCESS directive to extract common code into an include file. By
moving common code to separate files, you can eliminate a certain amount of redundant
code, thereby decreasing the size of the template files, and improving the readability of
the files.
Let’s take a look at one of the template files, LoginPage.thtml. Almost every designer
who wants to customize the custom sign-in pages will likely want to customize
LoginPage.thtml, which is the first screen that end-users see. If you have not downloaded
the Samples.zip file, do so now, following the instructions in “Downloading Sample
Templates and Uploading Files to Secure Access” on page 15.
Open the LoginPage.thtml file in a text editor or HTML editor.
Version Directive
Each template file starts with a version directive, similar to the following:
27Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
<%#NetScreen Page Version 1001%>
Do not modify this directive.
Comment Section
Each template file then contains a set of comments that describe template variables,
JavaScript, and HTML code required in that particular template. These comments can
help you understand what directives and other elements of the file you must maintain,
and give hints about other directives, variables, and methods that you can use to further
customize the template.
NOTE: When you have completed your customization, you can consider removing thecomment section from your files. The removal of this section decreases the size of thetemplate files, and can possibly speed up page download times.
Header Tags
With the exception of the Remediate.thtml file, all of the template files contain the
following HTML tags:
<html><head><meta http-equiv="Content-Language"><meta http-equiv="Content-Type" content="text/html"><meta name="robots" content="none">
You can extract these tags into a separate .thtml file. If you ever need to change any of
these tags, for example, to modify the meta tag definitions, you can then modify one file
and the changes are propagated throughout all the files.
To create a simple header template file:
1. Open a new text file in your favorite text editor or HTML editor.
2. Cut and paste the preceding header lines into the file. You can cut these from one
of the template files.
3. Save the file into the directory where the other template files are saved, naming the
file customhead.thtml.
NOTE: Do not name the file header.thtml. Along with config.thtml and footer.thtml, this
namemay already be used by the Secure Access system software. You can call thefiles whatever you want, as long as they do not use these reserved names. Theymustend in the .thtml file extension.
4. Open each template file and delete the header lines.
5. In the place of the header lines, insert the following directive:
Copyright © 2010, Juniper Networks, Inc.28
SA Series Custom Sign-in Pages
<%PROCESS customhead.thtml%>
The command PROCESS must be in all UPPER CASE. If you name the header file
something other than customhead.thtml, then use that name in the directive instead.
6. When you zip your template files up, make sure you include the customhead.thtml
file.
Copyright and Footer Tags
You might want to perform a similar task with the footer tags. This topic shows how to
create a copyright notice in a separate include file.
1. Open a new text file in your favorite text editor or HTML editor.
2. Copy the following directive into the file:
<%year = 2005;company = "Juniper Networks";copyr = "Copyright $year $company" -%>
You can change the company name to your own company name.
3. Save the file into the directory where the other template files are saved, naming the
file customconfig.thtml.
4. Open another new text file in your favorite text editor or HTML editor.
5. Copy the following directive and HTML to the file:
<div id="footer">© <% copyr -%></div></body></html>
6. Save the file into the directory where the other template files are saved, naming the
file customfoot.thtml.
7. In your LoginPage.thtml file, add the following directive just prior to the PROCESS
directive for customhead.thtml. The lines should look like:
<%PROCESS customconfig.thtml%><%PROCESS customhead.thtml%>
8. In your LoginPage.thtml file, scroll to the end of the file.
9. Replace the last two lines that contain the closing </body> and closing </html>
tags with the following directive:
<%PROCESS customfoot.thtml%>
10. Save the LoginPage.thtml file.
29Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Page Banner
You can also create a common banner for your pages, eliminating the repetitious use of
images and HTML code in every file. The following sample code creates a banner using
an H1 header for the text displayed in the banner. Note the commented image tag, which
you could use instead of the H1, if you prefer to use an image, for example, a logo.
1. Open a new text file in your favorite text editor or HTML editor.
2. Copy the following HTML into the file:
<div id="banner"><h1 class="banner">Sample</h1><!-- <img border="0" src="<%Home%>/imgs/sample.gif" alt="Logo"> --></div>
3. Save the file into the directory where the other template files are saved, naming the
file custombanner.thtml.
4. In your LoginPage.thtml file, add the following directive just after the <body> tag.
<body id=” body” onload="FinishLoad()"><%PROCESS custombanner.thtml%>
5. Save the LoginPage.thtml file.
Processing LoginPage.thtml
Now you can process the template to see the results of making the changes. Keep in
mind the following requirements:
• You must have successfully installed and configured the Template Toolkit on your
local system.
• All of the template files, including the custom header, custom footer, and custom
config files must be saved into the same directory along with LoginPage.thtml.
• If you intend to upload your files to Secure Access, instead of processing them locally
first, you can ignore this instruction. You must begin each file with the directive [%
TAGS <%%>%] so that you can use angle brackets on any directives you add to the
templates. By default, the Template Toolkit recognizes square brackets ([ ]) instead
of angle brackets (<>) as delimiters for directives. Secure Access recognizes angle
brackets only. Adding the TAGS directive tells the local Template Toolkit utilities that
you are using angle brackets.
To process LoginPage.thtml:
1. Open a command window.
2. Navigate to the directory in which you have saved the LoginPage.thtml file,
customhead.thtml, customconfig.thtml, and customfoot.thtml. For example,
/Templates/Sample/.
3. Enter the following command:
Copyright © 2010, Juniper Networks, Inc.30
SA Series Custom Sign-in Pages
tpage LoginPage.thtml > index.html
If you get no errors and the system returns a blank directory prompt, the process
completed successfully.
4. Open a browser window.
5. Select File > Open and navigate to the directory where you have saved
LoginPage.thtml.
6. Select index.html.
You should be able to see a copyright statement at the bottom of the page. The directive
in customfoot.thtml pulled the data from customconfig.thtml and substituted the year
and company name into the substitution variables $date and $company. Then, during
the processing of LoginPage.thtml, customfoot.thtml was included based on the use of
the PROCESS directive.
NOTE: Twowarnings:
• If you received errors or if you were unable to run tpage, you need to check your
Template Toolkit installation and documentation. Youmay not have the properenvironment variable set to point to the Template Toolkit installation location or toyour Perl distribution.
• Once you create a file, such as index.html in the preceding example, youmust delete
ormove the file if you intend to create another version of the same file. The TemplateToolkit tpage utility does not overwrite a file of the same name.
Changing Colors in the Table-Based Layout
Changing colors in the table-based layout is a very simple operation. All you need to do
is replace color codes in the templates with the color codes representing the colors you
prefer. Color codes are expressed in the hexadecimal format (#000000). If you want
to change everything that is white to black, replace all occurrences of #FFFFFF to
#000000.
In theUI Options page of a given role, you can also change banner, background, and link
colors.
Changing the Layout
One of the simplest ways to customize the presentation of the pages is to modify the
banner, colors, and table format. You can add table rows (<tr>) and table cells (<td>),
graphics, change the custom-logo.gif to your own company logo, and change the
background color of one or more table cells. You can also move pre-configured objects,
such as the username field, password field, realm drop down menu, and submit button
to other locations within the table. We do not go into detail about how to accomplish
this. You should be familiar with HTML tables and be prepared to go through a trial and
error process.
31Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
If you prefer to separate the presentation from the content, consider using cascading
style sheets (CSS).
Using Cascading Style Sheets
One of the most dramatic changes you can make to the presentation style of the
templates is to convert them fully to use cascading style sheets (CSS). In some templates
you can already find brief examples of CSS codes, such as the use of <DIV> and <SPAN>
tags. In those cases, it is best to leave those tags in place. You can, however, replace
much of the HTML code around those tags, as well as around Template Toolkit directives.
As mentioned before, the sample templates use a traditional table-based design model.
In effect, the design uses HTML tables as containers for all other objects on the page.
Table rows and cells contain all graphics, error messages, fields, and buttons.
Although tables can simplify some elements of HTML design, they can complicate others,
not to mention that designing with tables means that you must use tables on every page,
if you intend to maintain the same basic layout. This adds complexity and decreases
download times, as the end-user’s browser must parse each table in each page every
time it loads a page.
CSS provides an alternative. CSS consists of a set of styles that can be embedded in
each HTML page or that can be stored in a separate .css file and referenced in the HTML
files with a <link> tag. This topic is not meant to be a comprehensive CSS tutorial. It
assumes you already have some familiarity with CSS. If you do not, you can find references
on the Web, starting with the CSS specification at http://www.w3c.org.
For the purposes of this discussion, we will describe how to use CSS to eliminate
redundant items, presentation information, and tables from your design. By doing so, you
can improve the readability of your template files, and can consolidate almost all
presentation instructions into one file.
Embedding CSS
You can embed CSS styles into an individual HTML page. If you plan on customizing only
one file, you might find this approach easiest. Otherwise, you gain the most benefit by
using a standalone CSS file and linking it into your HTML files.
Attaching a Standalone CSS
For the purposes of this discussion, we will introduce a simple CSS that will serve as an
example method for replacing tables as a design element.
You can copy the following CSS into a text file and save it into the same directory with
LoginPage.thtml. Save it as sample.css.
body { // Configures bodymarginsmargin:10px 10px 0px 10px;padding:0px;}
span.error ( // Formats errors with bold and backgroundfont-weight: bold;
Copyright © 2010, Juniper Networks, Inc.32
SA Series Custom Sign-in Pages
background: silver;}
#leftcontent { // Styles left columnposition: absolute;left:10px;top:69px;width:199px;background:#809FB0;border:1px solid #000000;text-align:center}
#centercontent { // Styles center columnbackground:#EFEFC9;margin-left: 175px;margin-right:11px;border:1px solid #000000;voice-family: "\"}\"";voice-family: inherit;margin-left: 199px;margin-right: 0px;
#banner { // Styles the top bannerbackground:#C0C0B0;height:60px;border-top:1px solid #000000;border-left:1px solid #000000;border-right:1px solid #000000;voice-family: "\"}\"";voice-family: inherit;height:59px;}
p,h1,h2,h3,pre { // Sets common properties of thesemargin:0px 10px 10px 10px;// paragraph elementsfont-family:Arial, Verdana, Helvetica, sans-serif;}
p{ // Styles paragraph elementfont-size:12px;text-align:left}
h1,h2,h3 ( // Sets common elements forpadding-top:10px;// headings.font-weight:bold;}
h1 { // Sets size of H1 headingfont-size:18px;}
h2 { // Sets size of H2 heading
33Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
font-size:14px;}
h3{ // Sets size of H3 headingfont-size:12px;}
#banner h1 { // Sets heading selector for bannerfont-size:36px;padding:10px 10px 0px 10px;margin:0px;font-weight: bolder}
#footer { // Sets footer selectorborder-top:3px solid #000000;text-align:center;font-family:sans-serif;font-size:10px}
a { // Sets common styles for anchorfont-family:sans-serif;font-size:14px;font-weight:bold;}
a:link { // Sets link styletext-decoration: underline;
text-align:right;color: black;}
a:hover { // Sets hover style for linkscolor:white;}
To make the connection between the CSS stylesheet and the page, you must include a
<link> tag prior to the closing head tag </head>, as follows:
<link rel="stylesheet" type="text/css" href="sample.css" /></head>
If you store the stylesheet in a directory other than the root directory where you keep your
template files, make sure you express the path correctly in the href attribute of the link
tag. For example, if you keep all of your stylesheets in a directory one level above the
template file, you might indicate it as follows:
<link rel="stylesheet" type="text/css" href="../sample.css" />
or
Copyright © 2010, Juniper Networks, Inc.34
SA Series Custom Sign-in Pages
<link rel="stylesheet" type="text/css" href="css/sample.css" />
This CSS defines the presentation style of all of the major components of the page.
Additionally, if you want to change the look-and-feel of the page, while keeping the basic
structure intact, you can create another CSS that uses the same style names, but that
modifies the definitions. Without making any changes to your template file, you can apply
an entirely unique style.
Here is a copy of the LoginPage.thtml file (excluding the comments section) after it has
been converted to a CSS-based page. Compare it with the template file that you
download from Secure Access. You might notice that virtually all of the presentation
codes, things such as color settings, font settings, and border settings are missing from
the following code. All of the presentation code has been extracted to the CSS stylesheet.
<%#NetScreen Page Version 1001%>
<!--The following line,whenuncommented, allowsyou toprocess the .thtml file locallyusing the tpage utility, without having to replace the angle brackets on all of theSecureAccess template directives. The TAGS directive tells the Template Toolkit utilities tosubstitute angle brackets for the default square brackets. This line should be on thefirst line of the file when you are testing locally. Prior to uploading to Secure Access,move and comment the line, or remove it from the file completely.--><!--[%TAGS <%%>%]-->
<%PROCESS customconfig.thtml%>
<%PROCESS customhead.thtml%>
<title>Instant Virtual Extranet</title>
<link rel="stylesheet" type="text/css" href="sample_two.css" />
<script><!--JavaScript removed for readability. See template file for actual JavaScript.
//--></script></head><body id="body" onload="FinishLoad()">
<%PROCESS custombanner.thtml%>
<!-- /////////////////// --><!-- BEGIN LEFT COLUMN --><!-- /////////////////// -->
<div id="leftcontent">
<!-- ///////////////////////////////////////////// -->
35Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
<!-- BEGIN CUSTOMCONTENT LEFT COLUMN (Optional) --><!-- ///////////////////////////////////////////// -->
<!-- Addmore content here, if needed. -->
<!-- /////////////////////////////////// --><!-- END CUSTOMCONTENT LEFT COLUMN --><!-- /////////////////////////////////// -->
<!-- ////////////////////////////////////////////// --><!-- BEGIN AUTHENTICATION TEMPLATE DIRECTIVES --><!-- and FORMUSERNAME/PASSWORD/REALMPROMPTS --><!-- DONOTDELETE. Must be included in page. --><!-- ////////////////////////////////////////////// -->
<form name="frmLogin" action="login.cgi" method="post" autocomplete="off"onsubmit="return Login()">
<input type="hidden" name="tz_offset"><%IF !AnonymousAuthentication && !CertificateAuthentication%>
<%FOREACH prompt = prompts%><%NEXT IF !prompt.required%><br><p><%prompt.promptText%></p>
<input type="<%prompt.type%>" name="<%prompt.name%>" size="20"><%END%>
<% IF RealmList.size == 0%><p>LoginRealm</p><input type="text" name="realm" size="20"><%ELSIF RealmList.size == 1%><input type="hidden" name="realm" value="<%RealmList.0%>"><%ELSE%><p>LoginRealm</p><select size="1" name="realm"><%FOREACH r = RealmList%><option value="<% r%>" ><% r%></option><%END%></select><%END%><%ELSE%><input type="hidden" name="realm" value="<%RealmList.0%>"><%END%><input type="submit" value="Sign In" name="btnSubmit"></form>
<!-- //////////////////////////////////// --><!-- BEGIN CUSTOMCONTENT LEFT COLUMN --><!-- //////////////////////////////////// -->
<p>You are not yet authorized!</p>
<!-- /////////////////////////////////// -->
Copyright © 2010, Juniper Networks, Inc.36
SA Series Custom Sign-in Pages
<!-- END CUSTOMCONTENT LEFT COLUMN --><!-- /////////////////////////////////// -->
</div>
<!-- ///////////////// --><!-- END LEFT COLUMN --><!-- ///////////////// -->
<!-- ////////////////////// --><!-- BEGIN CENTER COLUMN --><!-- ////////////////////// -->
<div id="centercontent">
<!-- ///////////////////////////////////////////////////////// --><!-- BEGIN PASSWORDMANAGEMENT TEMPLATE DIRECTIVES --><!-- DONOTDELETE. Must be included in page. --><!-- Added for Account Disabled Case for PasswordManagemnt --><!-- ///////////////////////////////////////////////////////// -->
<% IF AccountDisabled%>
<!-- ///////////////////// --><!-- Account Disabled Case --><!-- ///////////////////// -->
<span class="error"><%LoginPageErrorMessage%></span>
<%ELSE%><% IF LoginPageErrorMessage%><span class="error"><%LoginPageErrorMessage%></span><%END%><%END%>
<!-- /////////////////////////////////////// --><!-- END PASSWORDMANAGEMENTDIRECTIVES --><!-- /////////////////////////////////////// -->
<!-- ///////////////////////// --><!-- Optional error handling codes --><!-- ///////////////////////// -->
<span class="error"><% IF PageErrorCode == 1020%>You have successfully changed your password.<%END%></span>
<span class="error"><% IF PageErrorCode == 1021%>Account Disabled. Please contact Administrator for help.<%END%></span>
<span class="error">
37Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
<% IF PageErrorCode == 1023%>Account Expired. Please contact Administrator for help.<%END%></span>
<!-- ///////////////////////////// --><!-- END optional error handling codes --><!-- ///////////////////////////// -->
<!-- ///////////////////////////////////////// --><!-- BEGIN CUSTOMCONTENT CENTER COLUMN --><!-- Add any content below that youwant to appear in the center column. --><!-- You can add amix of headings, paragraphs, graphics or any other HTML.--><!--////////////////////////////////////////////////////////////// -->
<h1>Welcome to XYZ Company!</h1>
<h2>New Employee Benefits!</h2><p>Permunere latine officiis ad. Quo te elit vivendum,mea aperiri integrepericulis ex, ea sea corpora consectetuer. </p><h2>Company Party!</h2><p>Dolore efficiantur vim ea, alia putant vivendo at pri. Odio cetero tibique no vis.Mea vero delenit ad. </p><h2>Corporate Travel Advisory</h2><p>Cu zzril expetenda has, ludus utinam instructior nam an, id eam fugit putentpossit. Mazim epicuri contentionesmel ut, pri atqui maiestatis ei. </p><p>Tempor oportere usu ne. Ea aperiam sanctus oportere vel.</p>
<!-- ///////////////////////////////////// --><!-- END CUSTOMCONTENT CENTER COLUMN --><!-- ///////////////////////////////////// -->
</div>
<!-- //////////////////// --><!-- END CENTER COLUMN --><!-- //////////////////// -->
<%PROCESS customfoot.thtml%>
Working with Standalone Network Connect
When you manually launch Network Connect (from the Start menu), a different window
appears compared to launching Network Connect from a browser window.
To modify the standalone version of the login page, create a LoginPage-stdaln.thtml file
(you can copy the existing LoginPage.thtml file), customize it according to your needs,
and add it to your zip file.
Generally speaking, standalone pages follow the convention name-stdaln.thtml where
name is the equivalent name.thtml file (similar to the method used for the pocket PC
files, name-ppc.thtml).
Copyright © 2010, Juniper Networks, Inc.38
SA Series Custom Sign-in Pages
Customizing Error Handling and Navigation
The Template Toolkit provides a rudimentary level of error handling capability. In most
cases, errors are handled sufficiently by the included logic. However, you might want to
modify the behavior of the pages, given a particular error. For example, you might want
to redirect a user to your own specific custom error page on an “Account Disabled” error.
You can redirect based on specific individual errors or based on any error occurring at all.
The following samples illustrate both methods.
Redirecting Based on Any and All Errors
If you want to redirect to your own Web page based on the occurrence of any and all
errors, you can implement logic, as follows:
<head><% IF LoginPageErrorMessage%><meta http-equiv=” refresh” content=” 0;url=DisplayErrorPage.html” ><title>Redirect</title>
</head>
Redirecting Based on Specific Errors
If you want to redirect to your own Web page based on the occurrence of a specific error,
such as the “Account Disabled” error, you can implement logic, as follows:
<head><% IF LoginPageErrorCode == 1021%><meta http-equiv=” refresh” content=” 0;url=AcctDisabledError.html” ><%ELSIF PageErrorCode == 1023%><meta http-equiv=” refresh” content=” 0;url=AcctExpiredError.html” ><%END%><title>Redirect</title>
</head>
For more information on error codes, see “LoginPageErrorCode” on page 81.
Defining Error Message Locations
You can locate error messages wherever you want on the page. Keep in mind, however,
that you cannot move the error handling code relative to its position within the <form/>
tags. For example, do not reverse the positions of two directives appearing within the
body of <form/> tags or move the error handling code outside of the <form/> tags.
Customizing Error Messages
You can customize some of the error and confirmation messages your end-users might
see. Secure Access produces some error messages that you cannot change. Table 6 on
page 81 lists those that you can change.
Although you cannot change any messages on Secure Access itself, you can customize
error messages that will appear instead of the messages originating on Secure Access.
39Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Using the Template Toolkit IF directive, you can test for a message based on an error’s
unique error code, and expressed by the predefined template variable PageErrorCode. In
the directive block, you include the customized message, as shown in the following
example:
<% IF PageErrorCode == 1020%>You have successfully changed your password.<%END%>
<% IF PageErrorCode == 1021%>Account Disabled. Please contact administrator at X5540 for help.<%END%>
<% IF PageErrorCode == 1023%>Account Expired. Please contact administrator at X5541 for help.<%END%>
You might include the preceding code in your LoginPage.thtml file following the form
(<form></form>) that prompts the user for login credentials. You can see that the
example messages in the preceding sample include phone extension numbers, to help
end-users identify the correct administrator to call after encountering specific problems.
Localizing CustomSign-In Pages
By default, text strings are in English. Administrators supporting non-English users may
need to configure the sign-in pages to provide localized text labels. This can only be done
on a per-sign-in page basis. For multi-language support, Administrators must configure
different sign-in pages for different locales. For further customizations, you can upload
customized sign-in pages using the Template Toolkit. Contact Juniper Networks Technical
Support for details.
You can create localized custom sign-in pages, using the downloadable sample template
files. You can download the samples fromSigning In >Sign-in pages > UploadCustomPages > Upload CustomSign-In Pages page.
You include the localized version of the template files in separate directories, one directory
per language, in your uploaded zip file. Secure Access recognizes all of the .thtml files in
the root directory of the zip file as default pages. When creating the subdirectory for a
set of given language files, name the subdirectory with the Accept-Language header
2-char abbreviation. Retain the default names for the localized file names.
At runtime, Secure Access notes the default language of the browser, then searches the
subdirectory corresponding to the 2-char Accept-Language abbreviation to find the
specific .thtml file. If Secure Access locates the file, Secure Access uses that .thtml file.
If Secure Access cannot locate the file, Secure Access uses the default page in the root
directory.
NOTE: Use the Accept-Language abbreviation zh-cn if you plan to use either of theabbreviations zh-cn or zh-sg.
Copyright © 2010, Juniper Networks, Inc.40
SA Series Custom Sign-in Pages
The directories should contain full sets of template files, as required to implement custom
sign-in pages.
NOTE: For a list of acceptable Accept-Language header abbreviations, seehttp://www.oasis-open.org/cover/iso639a.html.
Creating a Localized Set of CustomSign-In Pages
To create a localized set of custom sign-in pages, perform the following procedure.
1. Select Signing In > Sign in > Sign in pages.
2. ClickUpload CustomPages.
3. Click the link for the sample templates you want to localize.
4. Once downloaded, unzip the files.
5. Create a subdirectory in the sample templates directory and name it with the
2-character identifier that specifies the language into which you intend to translate
the template files. For example, if you are translating into French, name the directory
fr. Create subdirectories for each language into which you want to translate the
templates, and copy all template files and the images directory into each subdirectory.
6. Copy all of the templates and the images directory (/imgs) and paste them into the
new folder.
7. Translate the template files.
8. Change the paths in the translated files to point to the correct path. For example,
you need to update the paths to images in the /imgs subdirectory, otherwise, they
will continue to point to the default directory.
9. When translation is completed, zip the files and upload to Secure Access.
10. To test the languages, make sure you update the language option in your Web
browser, first.
Upgrade Considerations
Consider the following when upgrading to the latest version of the custom sign-in pages:
• You must update the version number in your templates to match the current version.
If you do not update your version number, the default page appears instead of your
custom page. Alternatively, you can copy your custom content to the new templates.
• Old variable names may change and new variables may be added. It is recommended
that you convert old variable names to their new counterparts as the default values
for the old variables may no longer exist. If you do not want to update your variable
names, you can select theSkip validation checks during upload option in theUploadCustomSign-InPagespage. If you select this option, you should review all your custom
pages to ensure that they are still functioning correctly.
41Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• Some formatting, such as text strings and color, change from prior versions. Review
your page to ensure that the changes are acceptable.
Custom Templates Reference
The following topics describe each of the template files, JavaScript, template variables,
some form variables, their uses, functionality, and customizability. The topics are organized
alphabetically. Within the reference, you can find definitions for:
• Secure Access pre-authentication pages
You may customize a variety of standard Secure Access pre-authentication pages,
including the standard sign-in page (LoginPage.thtml), the failed authentication page
(SSL.thtml), the sign out page (Logout.thtml), the sign-in warning page
(ExceededConcurrent.thtml), the Host Checker and Cache Cleaner start page
(PleaseWait.thtml), and the select from multiple roles page (SelectRole.thtml).
• ACE pre-authentication pages
TheSoftID.zip file enables you to customize Secure Access pages for use with the RSA
Soft ID client.
When the end-user browses to the URL of the SoftID custom sign-in page, the page
prompts the user to enter a PIN by way of the SecurID application on his local machine.
If the application accepts the PIN, the end-user is logged in.
To configure the SoftID custom sign-in page, download the Samples.zip and SoftID.zip
files. Unzip Samples.zip to a directory first, and then unzip the SoftID.zip file to the
same location, overwriting any duplicates. Once you have customized the files to your
liking, zip the entire set of files and upload them to Secure Access.
To ensure that the New Pin and Next Token pages are customized for SoftID
authentication, copyNewPin.thtml toGeneratePin.thtml in theSoftID.zip file and upload
the modified zip file to Secure Access for the custom sign-in page.
• ACE with eTrust pre-authentication pages
The ACE with eTrust pre-authentication pages are named with the SM prefix, for
SiteMinder.
• Password management pages
These include pages such as the secondary authentication server login page
(SecondaryLoginPage.thtml).
• Template variables
• Kiosk pages
The Kiosk.zip file contains templates that enable you to customize Secure Access
pages for use by Kiosk users. This sample shows how you can implement a custom UI
to circumvent keystroke loggers. When you run the sample LoginPage.thtml (after it
has been uploaded to Secure Access) you see a Virtual Keyboard. The password field
is disabled, so an end-user must use the Virtual Keyboard to enter a password. Because
the normal keyboard is disabled, a keystroke logger cannot capture the password.
Copyright © 2010, Juniper Networks, Inc.42
SA Series Custom Sign-in Pages
• Meeting pages
TheMeeting.zip file enables you to customize a variety of pre-authentication and
post-authentication pages used by Secure Meeting attendees.
NOTE: Whenuploading templates toSecureAccess, youmust includeall of theTHTMLpages included in the original zip files for Secure Access to accept the upload.
• JavaScript
Many of the templates include optional JavaScript functions that you can use to perform
a variety of tasks on that particular page. For example, the header in LoginPage.thtml
contains several JavaScript functions. Most of these functions handle cases where you
associate multiple authentication realms with a single sign-in URL. You can also add
your own JavaScript functions to perform presentation effects, or to modify the default
navigation by redirecting to your own Web pages, in some cases.
<failedPolicy>
Tag used to go through list of failed policies.
Object Type Template variable
Included In Remediate.thtml
Usage Required. Do not modify.
Example None
Related Topics Remediate.thtml on page 119
<failedPolicy>.name
Name of the policy that fails during remediation.
Object Type Template variable
Included In Remediate.thtml
Usage Required. Do not modify.
Example None
Related Topics Remediate.thtml on page 119
43Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
<failedPolicy>.remediation
Custom instructions as defined in the remediation policy.
Object Type Template variable
Included In Remediate.thtml
Usage Optional
Example None
Related Topics Remediate.thtml on page 119
action
An HTML form element that provides the action that is meant to occur, usually on a
submit button click or POST.
Object Type HTML form element
Included In All templates with forms
Usage Required
Example The following fragment from a<form> field runs the login.cgiPerl script on Secure Access:
action="login.cgi"
Related Topics autocomplete on page 48
activex_ini
Contains the name of an ActiveX control.
Object Type Template variable
Included In LoginMeeting.thtml, MeetingTestJS.thtml
Usage Required if running Internet Explorer on a Windows system. This variable contains the
name of the ActiveX control that must be loaded to run Meeting in the browser.
Example The following sample checks to see if the browser is Internet Explorer. If so, it passes the
name of an ActiveX object to initialize.
Copyright © 2010, Juniper Networks, Inc.44
SA Series Custom Sign-in Pages
<% IF ie%><P><OBJECT><%activex_ini FILTER verbatim%></OBJECT></P><%END%>
Related Topics applet_ini on page 45•
• FILTER verbatim on page 59
AnonymousAuthentication
Use this variable to specify that users signing into an anonymous realm should not see
the username and password fields in the sign-in page.
Object Type Template variable
Included In LoginPage.thtml, LoginPage-ppc.thtml
Usage Optional. Secure Access sets this value to true if the authentication realm is set to an
anonymous server. If you use this variable, Secure Access only displays the sign-in page
to users when they encounter one of the errors described in “LoginPageErrorCode” on
page 81. If you set AnonymousAuthentication, the realm is available in RealmList.0. You
need to send the realm in the form as a hidden variable.
Example The following sample checks to see if AnonymousAuthentication and
CertificateAuthentication are set to false. If the variables are set to false, the following
directives generate authentication fields, setting the size of the input fields to 20
characters.
<%IF !AnonymousAuthentication&& !CertificateAuthentication%><%FOREACH prompt = prompts%><%NEXT IF !prompt.required%><%prompt.promptText%><input type="<%prompt.type%>" name="<%prompt.name%>" size="20"><%END%>
Related Topics CertificateAuthentication on page 51•
• RealmList on page 117
applet_ini
Contains instructions that initialize a meeting applet.
Object Type Template variable
45Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Included In MeetingAppletInstaller.thtml, MeetingTestMSJava.thtml
Usage Required
Example The following code fragment shows how the applet_ini variable passes an applet to the
page, and how the additional code passes parameters to the applet:
<% IF install%><P><APPLET<% applet_ini FILTER verbatim%><PARAMNAME="Parameter0"
VALUE="meeting_id=<%instanceId%>;user_name=<%username%>;cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>"><PARAMNAME="StartSessionReDir" VALUE="<%startSessionReDir%>"><PARAMNAME="UninstallReDir" VALUE="<%uninstallReDir%>"><PARAMNAME="locale" VALUE="<%locale%>"></APPLET>
Related Topics MeetingAppletInstaller.thtml on page 87
appstr
Contains the applet tag for the Secure Meeting client.
Object Type Template variable
Included In MeetingRunJava.thtml
Usage Required
Example The following example checks to see if a login is required. If not, Secure Access loads the
applet indicated in the appstr variable.
<% IF !login_required%><%appstr FILTER verbatim%><%END%>
Related Topics FILTER verbatim on page 59
authenticate()
Authenticates a user.
Object Type JavaScript function
Copyright © 2010, Juniper Networks, Inc.46
SA Series Custom Sign-in Pages
Included In GeneratePin.thtml (ACE/SoftID), LoginPage.thtml (ACE/SoftID), NewPin.thtml
(ACE/SoftID), NextToken.thtml (ACE/SoftID)
Usage Required
Example The following examples illustrate the use of the authenticate() function.
From ACE/SoftID LoginPage.thtml. This function checks to see whether or not the user
is authenticated. If the user is not authenticated, the function displays an error from the
authentication server. Otherwise, it passes the authentication credentials from the auth
server to the frmLogin HTML form in LoginPage.thtml:
function authenticate(){var rc = -1;var time = <% softid_time%> ;var user = document.frmLogin.username.value;var state = 0;
if(typeof(document.sdui.sdAuth) == "undefined"){rc = -1;}else{if (error != ""){alert(error);}rc = document.sdui.sdAuth(time, user, state);}if (rc == 1){document.frmLogin.username.value = document.sdui.getUsername();document.frmLogin.password.value = document.sdui.getPasscode();document.frmLogin.submit();
}else{document.cancelForm.submit();}
}
From ACE/SoftIDGeneratePin.thtml. The following function enables the user to generate
a new PIN for signing in to an authentication server:
function authenticate(){var min = parseInt(document.minmaxForm.minlen.value);var max = parseInt(document.minmaxForm.maxlen.value);
47Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
var alp = parseInt(document.minmaxForm.alphanumeric.value);var sys = document.minmaxForm.systempin.value;
if(typeof(document.sdui.sdPin) == "undefined"){rc = -1;}else{if (error != "")alert(error);
rc = document.sdui.sdPin(min, max, <% secid_pinselectmode%>,alp, sys);}if (rc == 1){document.frmNewPin.password.value = document.sdui.getPin();document.frmNewPin.password2.value =
document.frmNewPin.password.value;document.frmNewPin.secidaction.value = "Save PIN";document.frmNewPin.secidactionSavePin.value = "Save PIN";document.frmNewPin.submit();}else if(rc == 2){document.frmNewPin.password.value = "";document.frmNewPin.password2.value= "";document.frmNewPin.secidactionCancel.value = "Cancel";document.frmNewPin.submit();}else{document.cancelForm.submit();}
}
Related Topics GeneratePin.thtml on page 64•
• LoginPage.thtml on page 79
autocomplete
Prevents the form from auto-filling username or authentication realm field entries using
cached values.
Object Type HTML form element
Included In All templates with forms
Usage Optional
Copyright © 2010, Juniper Networks, Inc.48
SA Series Custom Sign-in Pages
Example<form name="frmLogin" action="login.cgi" method="post" autocomplete="off"onsubmit="return Login()">
Related Topics None
Cancel.thtml
Displays a message to the user informing him that the sign-in request has been cancelled.
Object Type Template
Usage Required
Required Variables None
Example None
Related Topics Cancel-ppc.thtml on page 49
Cancel-ppc.thtml
Pocket PC version of “Cancel.thtml” on page 49.
Object Type Template
Usage Required
Required Variables None
Example None
Related Topics Cancel.thtml on page 49
cboxuser
Indicates whether or not the attendee is a Secure Access user.
Object Type Template variable
Included In LoginMeeting.thtml
Usage Required
If cboxuser = 1, this user is not signed in as a Secure Access user, and the page displays
a text box labeled "Your Name." If cboxuser = 0, this user is signed in as a Secure Access
49Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
user. In this case, the page does not display the text box labeled "YourName" but instead
displays the user’s sign-in name.
Example The following example displays the text box and label in an HTML table.
<% IF cboxuser%><tr><td align="right">Your Name:</td><td><input type=text name="username" value="<%username%>"maxlength="40" size="20"></td><%END%>
Related Topics LoginMeeting.thtml on page 78
ccInAcTimeout
Specifies the Cache Cleaner login inactivity in minutes.
Object Type Template variable
Included In LoginPage.thtml
Usage Required
Example The following code sets the timeout interval to 60000 milliseconds times the smaller
value of ccInAcTimeout or hcInAcTimeout.
<% IF hcInAcTimeout > ccInAcTimeout%>window.setTimeout("deletepreauth();", 60000 * <%ccInAcTimeout%>);<%ELSE%>window.setTimeout("deletepreauth();", 60000 * <%hcInAcTimeout%>);<%END%>
Related Topics LoginPage.thtml on page 79
ccRunning
Specifies whether or not Cache Cleaner is currently running.
Object Type Template variable
Included In LoginPage.thtml
Usage Required
Example The following code sets the timeout interval based on whether Host Checker and Cache
Cleaner are both running or only Host Checker.
Copyright © 2010, Juniper Networks, Inc.50
SA Series Custom Sign-in Pages
<% IF hcRunning && ccRunning%><% IF hcInAcTimeout > ccInAcTimeout%>window.setTimeout("deletepreauth();", 60000 * <%ccInAcTimeout%>);<%ELSE%>window.setTimeout("deletepreauth();", 60000 * <%hcInAcTimeout%>);<%END%><%ELSIF hcRunning %>window.setTimeout("deletepreauth();", 60000 * <%hcInAcTimeout%>);<%END%>
Related Topics LoginPage.thtml on page 79
cert_md5
Contains the cert-md5 statement (the MD5 fingerprint of the SSL peer’s certificate) that
enables the user to install an applet in a meeting session.
Object Type Template variable
Included In MeetingAppletInstaller.thtml
Usage Required
Example This fragment, which is contained in MeetingAppletInstaller.thtml, shows the use of the
cert_md5 variable:
<% IF install%><APPLET<%applet_ini FILTER verbatim%><PARAMNAME="Parameter0"VALUE="meeting_id=<%instanceId%>;user_name=<%username%>;cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>"><PARAMNAME="StartSessionReDir" VALUE="<%startSessionReDir%>">
Related Topics MeetingAppletInstaller.thtml on page 87
CertificateAuthentication
Use this variable if you want to specify that users signing into a certificate realm should
not see the username and password fields in the sign-in page.
Object Type Template variable
Included In LoginPage.thtml, LoginPage-ppc.thtml
Usage Secure Access sets this value to true if the authentication realm is set to a certificate
server. If you use this variable, Secure Access only displays the sign-in page to users when
51Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
they encounter one of the errors described in “LoginPageErrorCode” on page 81. (For
information about hiding this page from users authenticated against a eTrust SiteMinder
server using client-side certificate authentication, see “Login()” on page 77.) If you set
CertificateAuthentication, the realm is available in RealmList.0. You need to send the
realm in the form as a hidden variable.
Example The following code tests for AnonymousAuthentication and CertificateAuthentication:
<%IF !AnonymousAuthentication && !CertificateAuthentication%><%FOREACH prompt = prompts%><%NEXT IF !prompt.required%><%prompt.promptText%><input type="<%prompt.type%>" name="<%prompt.name%>" size="20"><%END%>
Related Topics AnonymousAuthentication on page 45•
• RealmList on page 117
changePasswordTitle
Argument to display password change title text.
Object Type Template variable
Included In PasswordChange.thtml, PasswordChange-ppc.thtml
Usage Optional
Example The following code tests the boolean showChangePasswordTitle and, if true, passes the
argument to the page, as is.
<%IF showChangePasswordTitle%><% changePasswordTitle FILTER verbatim%><%END%>
Related Topics showChangePasswordTitle on page 135
check
Contains the name of the GIF file that Secure Access displays on the MeetingTestResult
page.
Object Type Template variable
Included In MeetingTestResult.thtml
Copyright © 2010, Juniper Networks, Inc.52
SA Series Custom Sign-in Pages
Usage Required
Example The following code displays the GIF that is referenced in the check template variable:
<table cellpadding="2" cellspacing="2" border="0"><tr valign="top"><td><img src="<%home%>/imgs/space.gif" width="15" height="1"></td><td><img src="<%home%>/imgs/<% check%>"></td><tdwidth="100%" nowrap><%message FILTER verbatim%></td></tr></table>
Related Topics MeetingTestResult.thtml on page 91
checkActiveX()
Checks to see if ActiveX is enabled.
Object Type JavaScript function
Included In MeetingAppletInstaller.thtml, MeetingRun.thtml, MeetingTestMSJava.thtml,
MeetingTestJS.thtml, MeetingTestJava.thtml
Usage Optional
Example The following examples illustrate the verification of ActiveX.
From MeetingTestMSJava.thtml:
function checkActiveX () {if ( typeof(SecureMeetingApplet) == "undefined") {
redirect();return true;}setTimeout('redirect()', 5000);return true;
}
From MeetingRun.thtml:
function checkActiveX () {var f = document.meetingrun;if (typeof(f) == "undefined" ||typeof(f.button1) == "undefined")
53Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
return;try {
NeoterisSetup.isValid();f.button1.disabled = false;} catch (e) {;}}
From MeetingTestJS.thtml:
function checkActiveX () {var win = <%win32%>;try {NeoterisSetup.isValid();document.form1.submit();return true;} catch (e) {var url = win ? "/dana-
na/meeting/<%signin%>meeting_testmsjava.cgi?<%mid_param%>" : "/dana-na/meeting/<%signin%>meeting_testjava.cgi?<%mid_param%>";
document.location.replace(url);}}
From MeetingTestJava.thtml:
function checkActiveX () {setTimeout('redirect()', 30000);return true;}
Related Topics MeetingAppletInstaller.thtml on page 87•
• MeetingRun.thtml on page 88
• MeetingTestMSJava.thtml on page 91
• MeetingTestJava.thtml on page 90
• MeetingTestJS.thtml on page 90
color
Contains the color definition.
Object Type Template variable
Default value None
Included In Cancel-ppc.thtml, Cancel.thtml, Defender-ppc.thtml, Defender.thtml,
ExceededConcurrent-ppc.thtml, ExceededConcurrent.thtml, GeneratePin-ppc.thtml,
GeneratePin.thtml, GraceLoginUsed-ppc.thtml, GraceLoginUsed.thtml, LoginPage-
Copyright © 2010, Juniper Networks, Inc.54
SA Series Custom Sign-in Pages
ppc.thtml, LoginPage.thtml, Logout-ppc.thtml, Logout.thtml, NewPint-ppc.thtml,
NewPin.thtml, NextToken-ppc.thtml, NextToken.thtml, PasswordChange-ppc.thtml,
PasswordChange.thtml, PasswordExpiration-ppc.thtml, PasswordExpiration.thtml,
PleaseWait-ppc.thtml, PleaseWait.thtml, Remediate-ppc.thtml, Remediate.thtml, SM-
NewPinSelect-ppc.thtml, SM-NewPintSelect.thtml, SM-NewPinSystem-ppc.thtml, SM-
NewPinSystem.thtml,SM-NewUserPin-ppc.thtml,SM-NewUserPin.thtml,SM-NextToken-
ppc.thtml,SM-NextToken.thtml,SSL-ppc.thtml,SSL.thtml,SecondaryLoginPage-ppc.thtml,
SecondaryLoginpage.thtml, SelectRole-ppc.thtml, SelectRole.thtml,
ShowSysemPin-ppc.thtml, ShowSystemPin.thtml
Cancel.thtmlNewPinSystem.thtmlUsage Optional
Example This example sets the background color of the table cell to the value of color.
<td bgcolor="<% color%>"><img border="0" src="welcome.cgi?p=logo"alt="Logo"></td>
Related Topics None
Continue
Submits the hidden form when an end-user clicks the Continue button.
Object Type JavaScript function
Included In Remediate.thtml
Usage Optional
Example The following code fragment defines the Continue button and passes control to the
Continue() JavaScript function.
<input name="btnContinue" type="button" value="<% textContinue%>"onClick="Continue()">
Related Topics Remediate.thtml on page 119
cval
Handles the Radius secure ID challenge value.
Object Type HTML form field
Included In Defender.thtml
Usage Required
55Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example<INPUT type=hidden name="cval" value="<% secid_challenge%>">
Related Topics Defender.thtml on page 56
Defender.thtml
Prompts the Radius user to enter his PIN and provides the appropriate challenge values
from the server.
Object Type Template
In Usage Password Management
Required Variables “secid_challenge” on page 123
Example None
Related Topics Defender-ppc.thtml on page 56
Defender-ppc.thtml
Pocket PC version of “Defender.thtml” on page 56.
Object Type Template
Usage This template prompts the Radius user to enter his PIN and provides the appropriate
challenge values from the server. Unlike Defender.thtml, Defender- ppc.thtml does not
support the CASQUE server.
Required Variables “secid_challenge” on page 123
Example None
Related Topics Defender.thtml on page 56
delivery_mode
Indicates the delivery mode of an applet, whether Java or ActiveX.
Object Type Template variable
Included In Logout.thtml
Usage Required
Copyright © 2010, Juniper Networks, Inc.56
SA Series Custom Sign-in Pages
Example The following fragment checks to see if the delivery mode is Java when Cache Cleaner,
Host Checker, or Win32 applets are running during a user logout. If Java is the delivery
mode, the code indicates that the page should call the stopComponents function when
loading.
<% IF (pleasewaitObjectCC || pleasewaitObjectHC || pleasewaitWin32) &&delivery_mode == 'java'%>onload="javascript:stopComponents()"
<%END%>
Related Topics stopComponents() on page 148
DoUnload()
Forces Secure Access to cancel the current mode.
Object Type JavaScript function
Included In GeneratePin-ppc.thtml,GeneratePin.thtml,NewPin-ppc.thtml,NewPin.thtml,NextToken-
ppc.thtml, NextToken.ppc
GeneratePin.thtmlUsage Required. You must include this function in the header of NewPin.thtml and call it from
the body.
Example The following code shows how the DoUnload() function appears in the NewPin.thtml
template. The code serves a similar purpose in other templates, as well.
function DoUnload() {if (gCancelNewPinMode) {window.open("secid_cancelpin.cgi", "newpincancel","resizable=1,height=250,width=200,status=0");}}
Related Topics NewPin.thtml on page 99•
• NextToken.thtml on page 101
ExceededConcurrent.thtml
Displays a performance warning to the user when too many concurrent users are signed
into Secure Access.
Object Type Template
Usage Required. You must always include this template in your zip file. This is a standard Secure
Access page that displays a performance warning to the user when too many concurrent
users are signed into Secure Access. This template does not contain any JavaScript or
57Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
forms. It does contain an optional link to starter.cgi, however, that allows users to sign
into Secure Access as well as error message variables. For more information, see
comments in the template.
Required Variables None
Example None
Related Topics ExceededConcurrent-ppc.thtml on page 58
ExceededConcurrent-ppc.thtml
Pocket PC version of “ExceededConcurrent.thtml” on page 57. Displays a performance
warning to the user when too many concurrent users are signed into Secure Access.
Object Type Template
Usage Required
Required Variables None
Example None
Related Topics ExceededConcurrent.thtml on page 57
expired
Boolean indicating whether or not a meeting session has expired.
Object Type Template variable
Included In MeetingRun.thtml
Usage Required
Example The following code checks to see if ActiveX is enabled and that the session is not expired.
If both conditions are true, the meeting is initialized.
<% IF type == "activex" && !expired%><%meeting_ini FILTER verbatim%><%END%>
Related Topics MeetingRun.thtml on page 88
Copyright © 2010, Juniper Networks, Inc.58
SA Series Custom Sign-in Pages
FILTER verbatim
Indicates that the page should process the preceding variable raw, without performing
any parsing or other actions on the variable contents.
Object Type Template directive
Included In LoginMeeting.thtml, MeetingAppletInstaller.thtml, MeetingRun.thtml,
MeetingRunJava.thtml, MeetingTestJava.thtml, MeetingTestJS.thtml,
MeetingTestMSJava.thtml, MeetingTestResult.thtml, MeetingTrouble.thtml
Usage Optional. Most often used when loading applets or ActiveX controls, which do not need
to be processed by the Template Toolkit utilities in any way, but which should be passed
through to the page as is. Can also be used to pass text to the page, unfiltered.
Example The following code displays a label in a meeting page and loads the teleconference
information contained in the template variable, regardless of its content or format:
<span class="cssSmall"><b>Teleconference:</b></span><span class="cssSmall"><% teleconference_info FILTER verbatim%></span>
Related Topics activex_ini on page 44•
• applet_ini on page 45
• appstr on page 46
FinishLoad()
Use this function if you want to allow users to select from multiple realms in the sign-in
page.
Object Type JavaScript function
Included In GeneratePin.thtml, GeneratePin-ppc.thtml, LoginPage.thtml, LoginPage-ppc.thtml,
NewPin.thtml, NewPin-ppc.thtml, NextToken.thtml, NextToken-ppc.thtml,
ShowSystemPin.thtml, ShowSystemPin-ppc.thtml, Defender.thtml, Defender-ppc.thtml,
SecondaryLoginPage.thtml, SecondaryLoginPage-ppc.thtml, SM-NewPinSelect.thtml,
SM-NewPinSelect-ppc.thtml, SM-NewPinSystem.thtml, SM-NewPinSystem-ppc.thtml,
SM-NewUserPin.thtml,SM-NewUserPin-ppc.thtml,SM-NextToken.thtml,SM-NextToken-
ppc.thtml.
Usage Optional. If you are authenticating users through a eTrust SiteMinder server using
client-side certificate authentication, you may want to hide the standard Secure Access
sign-in page from users. If you are authenticating users through an anonymous
authentication server or certificate authentication server and want to bypass the standard
Secure Access sign-in page, see “AnonymousAuthentication” on page 45 or
“CertificateAuthentication” on page 51.
59Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example To post data to Secure Access without prompting users for any credentials, you may use
the following modified version of the FinishLoad() function. Note that this function only
bypasses the sign-in page if no errors occur while loading the page:
function FinishLoad() {recallLastRealmUsed();<% IF !LoginPageErrorCode%>Login();document.frmLogin.submit();<%END%>}
Related Topics GeneratePin.thtml on page 64•
• LoginPage.thtml on page 79
• SM-NewPinSelect.thtml on page 140
• SM-NewPinSystem.thtml on page 140
• SM-NewUserPin.thtml on page 141
• SM-NextToken.thtml on page 142
focus
Sets the focus on given component on a form.
Object Type Template variable
Included In Cancel-ppc.thtml,Cancel.thtml,LoginPage-ppc.thtml,LoginPage.thtml,NewPin-ppc.thtml,
NewPin.thtml, LoginMeeting.thtml, NextToken-ppc.thtml, NextToken.thtml,
MeetingRun.thtml, Defender-ppc.thtml, Defender.thtml, SecondaryLoginPage-ppc.thtml,
SecondaryLoginPage.thtml, SM-PinSelect-ppc.thtml, SM-PinSelect.thtml, SM-
NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-NewUserPin-ppc.thtml, SM-
NewUserPin.thtml, SM-NextToken-ppc.thtml, SM-NextToken.thtml
Usage Required
Example The following code sets the focus (by way of a JavaScript function also called focus() )
to the form object indicated by the template variable focus:
function onLoad() {grab();document.frmLogin.<% focus%>.focus();}
Related Topics None
Copyright © 2010, Juniper Networks, Inc.60
SA Series Custom Sign-in Pages
FriendlyTime
Argument in number of seconds.
Object Type Template variable
Included In PasswordChange-ppc.thtml, PasswordChange.thtml, PasswordExpiration-ppc.thtml,
PasswordExpiration.thtml
Usage Argument for error code 2004, Password Too New.
Example None
Related Topics PageErrorArgs on page 103•
• PageErrorCode on page 103
frmCasque
HTML form that enables an end-user to initiate the CASQUE RADIUS server.
Object Type HTML form
Included In Defender.thtml
Usage Required
Example The following code illustrates the use of the frmCasque form. If the plug-in type is the
CASQUE RADIUS server plug-in, then the page loads the form:
<% IF plugintype == 'CASQUE'%><form name="frmCasque"method="POST" autocomplete=off><INPUT type=hidden name="cval" value="<% secid_challenge%>"><INPUT type=hidden name="p" value="casqueapp"><a href="#" onClick="submitFrmCasque(); return false;">LAUNCHCASQUE PLAYER</form>
Related Topics submitFrmCasque() on page 149
frmLogin
HTML form that enables the template page to trigger a call to the Login() function and
begins the sign in process for a user.
Object Type HTML Form
61Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Included In LoginPage.thtml, LoginMeeting.thtml
LoginPage.thtmlUsage Required
Example The following code is the form definition statement:
<form name="frmLogin" action="login.cgi" method="post" autocomplete="off"onsubmit="return Login()">
Related Topics autocomplete on page 48
frmNextToken
Next Token HTML form.
Object Type HTML Form
Included In NextToken.thtml, NextToken-ppc.thtml, SM-NextToken.thtml, SM-NextToken-ppc.thtml
Usage Required
Example The following code illustrates the suggested form definition:
<FORM name="frmNextToken" action="login.cgi" method="POST"autocomplete=off onsubmit="return SubmitClicked();">
Related Topics NextToken.thtml on page 101
frmSelectRoles
Select Roles HTML form
Object Type HTML Form
Included In SelectRole-ppc.thtml, SelectRole.thtml
SelectRole.thtmlUsage Required
Example The following code illustrates the suggested form definition:
<FORM name="frmSelectRoles" autocomplete=off>
Related Topics SelectRole.thtml on page 129
Copyright © 2010, Juniper Networks, Inc.62
SA Series Custom Sign-in Pages
g_time
The time when the browser first loads the page.
Object Type JavaScript variable
Included In PleaseWait.thtml , PleaseWait-ppc.thtml
Usage Optional
Example None
Related Topics PleaseWait.thtml on page 111
gCancelNewPinMode
Prevents Secure Access from cancelling Generate PIN mode while the user is trying to
save a PIN or generate a new one.
Object Type JavaScript variable/flag
Included In GeneratePin-ppc.thtml, GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml
Usage Required. You must include this flag in the header of GeneratePin.thtml. Works together
with the JavaScript DoUnload() and SubmitClicked() functions to call the appropriate
CGI on Secure Access if the user chooses to close the browser window without cancelling
his session first. If you do not include this code, the user may be locked out of Secure
Access when he closes his browser. In addition to including this JavaScript in your header,
you must also call the functionDoUnload() function from the body of GeneratePin.thtml.
Example You include the following code in the header of theNewPin.thtml template. This function
saves or cancels a PIN per the user’s request. Note that in this example, the
gCancelNewPinMode is set to false though it was initialized to true when the page loaded.
// Save / Cancel a PINfunction SubmitClicked() {gCancelNewPinMode = false;return true;}
Related Topics SubmitClicked() on page 149
gCancelNextTokenMode
Prevents Secure Access from cancelling Next Token mode while the user is trying to enter
his token.
63Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Object Type JavaScript function
Included In NextToken-ppc.thtml, NextToken.thtml
Usage Required. The header in NextToken.thtml contains two required JavaScript functions,
DoUnload()andSubmitClicked(), as well as thegCancelNextTokenMode flag. These work
together to call the appropriate CGI on Secure Access if the user chooses to close the
browser window without cancelling his session first. If you do not include this code, the
user may be locked out of Secure Access when he closes his browser. In addition to
including this JavaScript in your header, you must also call theDoUnload() function from
the body of NextToken.thtml.
Example You must include this flag in the header of NextToken.thtml:
var gCancelNextTokenMode = true;
Related Topics NextToken.thtml on page 101
geckoBrowser
Boolean set to 1 if the browser is gecko-based (Firefox).
Object Type Template variable
Included In Logout.thtml, PleaseWait.thtml
Usage Required
Example The following code checks to see if the browser is Firefox, If yes, then the page loads the
proxy form in an iFrame (inline frame).
<% IF geckoBrowser%><IFRAME ID="proxy_frm" src="/dana-na/help/blank.html"WIDTH=0HEIGHT=0 FRAMEBORDER=0 SCROLLING=NO></IFRAME><%END%>
Related Topics safari on page 123
GeneratePin.thtml
Enables the user to create a system-generated PIN.
Object Type Template
Usage Required
Copyright © 2010, Juniper Networks, Inc.64
SA Series Custom Sign-in Pages
Required Variables None
Example When configuring the secid_pinselectmode variable (which sets the user’s PIN select
mode), note that possible values include:
Table 5: PIN usage indicators
DescriptionMode
User must use the system-generated PIN. He cannot enter his own PIN.0
User may enter his own PIN or use the system-generated PIN.1
User must enter his own PIN. He cannot use the system-generated PIN.2
Related Topics GeneratePin-ppc.thtml on page 65
GeneratePin-ppc.thtml
Pocket PC version of “GeneratePin.thtml” on page 64. The templates are identical, except
for name.
Object Type Template
Usage Required
Required Variables None
Example None
Related Topics GeneratePin.thtml on page 64
GetCookieValue()
Generic helper function that retrieves a value from a cookie, creates a string the length
of the value, and populates the string with the value.
Object Type JavaScript function
Included In LoginPage.thtml, LoginPage-ppc.thtml, PleaseWait.thtml, PleaseWait-ppc.thtml
Usage Use this function if you want to allow users to select from multiple realms in the sign-in
page.
sName—Cookie name.
Example The function definition follows:
65Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
function GetCookieValue(sName) {var s = document.cookie;sName += "=";
// where nv pair startsvar nStart = s.indexOf(sName);if (nStart == -1)return "";elsenStart += sName.length;// if more values, clip, otherwise just get rest of stringvar nEnd = document.cookie.indexOf(";", nStart);if (nEnd == -1)s = unescape(s.substring(nStart));elses = unescape(s.substring(nStart, nEnd));return s;}
Related Topics LoginPage.thtml on page 79•
• PleaseWait.thtml on page 111
grab()
Checks for browser type and grabs a cookie when a user tries to sign in to a meeting.
Object Type JavaScript function
Included In LoginMeeting.thtml
Usage Required
Example The following code shows the grab() function:
function grab() {var f = document.frmLogin;<% IF ie%>try {var result = NeoterisSetup.isValid();f.activex_enabled.value = 1;if (result == 1) f.power_user.value = 1;} catch (e) {f.activex_enabled.value = 0;}<%END%>f.java_enabled.value = navigator ? (navigator.javaEnabled() ? 1 : 0) : 0;}if (document.cookie.indexOf("DSMTCookie") < 0) {alert("Youmust enable cookies through yourWeb browser in order
Copyright © 2010, Juniper Networks, Inc.66
SA Series Custom Sign-in Pages
to sign into themeeting.");}
Related Topics LoginMeeting.thtml on page 78
GraceLoginsRemaining
Number of remaining grace logins.
Object Type Template variable
Included In GraceLoginUsed.thtml , GraceLoginUsed-ppc.thtml
Usage Optional. Argument for error code 2016.
Example The following code shows an example of how to display a message for the number of
grace logins available to the user:
<% IF LoginPageErrorCode == 2016%>You have <%LoginPageErrorArgs.GraceLoginsRemaining%> grace logins.<%END%>
Related Topics GraceLoginUsed.thtml on page 67•
• GraceLoginUsed-ppc.thtml on page 68
• PageErrorArgs on page 103
• PageErrorCode on page 103
GraceLoginUsed.thtml
Tells the user how many more times he can sign in using his current username and
password.
Object Type Template
Usage Required
Required Variables “startPageLink” on page 147
Example None
Related Topics GraceLoginUsed-ppc.thtml on page 68
67Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
GraceLoginUsed-ppc.thtml
Pocket PC version of “GraceLoginUsed.thtml” on page 67.
Object Type Template
Usage Same functionality as in GraceLoginUsed.thtml.
Required Variables “startPageLink” on page 147
Example None.
Related Topics GraceLoginUsed.thtml on page 67
HC_REMED_POLICIES_CHECK
Default text to suggest that policies are being evaluated.
Object Type Template variable
Included In Remediate.thtml
Usage Optional
Example The following code checks to see if the page is loading. If yes, then the page displays
several messages, including the default text to suggest that Secure Access is evaluating
policies:
<% IF showLoading%><% loading%><%pleasewait%><%HC_REMED_POLICIES_CHECK%><%END%>
Related Topics HC_REMED_SHOW_ADV_PREFS on page 68•
• Remediate.thtml on page 119
HC_REMED_SHOW_ADV_PREFS
Default text instructing how to re-enable remediation.
Object Type Template variable
Included In Remediate.thtml
Copyright © 2010, Juniper Networks, Inc.68
SA Series Custom Sign-in Pages
Usage Optional
Example The following code illustrates how to call the variable to display instructions to re-enable
remediation:
<% IF showRemedOption%><input name="btnHideRemed" type="button"value="<% textRemedOption%>" onClick="HideRemed();<%disabled%>"><%HC_REMED_SHOW_ADV_PREFS%><%END%>
Related Topics HC_REMED_SHOW_ADV_PREFS on page 68•
• Remediate.thtml on page 119
hcInAcTimeout
Specifies the Host Checker login inactivity in minutes.
Object Type Template variable
Included In LoginPage.thtml
Usage Required
Example The following code sets the timeout interval to 60000 milliseconds times the smaller
value of ccInAcTimeout or hcInAcTimeout.
<% IF hcInAcTimeout > ccInAcTimeout%>window.setTimeout("deletepreauth();", 60000 * <%ccInAcTimeout%>);<%ELSE%>window.setTimeout("deletepreauth();", 60000 * <%hcInAcTimeout%>);<%END%>
Related Topics LoginPage.thtml on page 79
hcRunning
Specifies whether or not Host Checker is currently running.
Object Type Template variable
Included In LoginPage.thtml
Usage Required
69Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example The following code sets the timeout interval based on whether Host Checker and Cache
Cleaner are both running or only Host Checker.
<% IF hcRunning && ccRunning%><% IF hcInAcTimeout > ccInAcTimeout%>window.setTimeout("deletepreauth();", 60000 * <%ccInAcTimeout%>);<%ELSE%>window.setTimeout("deletepreauth();", 60000 * <%hcInAcTimeout%>);<%END%><%ELSIF hcRunning %>window.setTimeout("deletepreauth();", 60000 * <%hcInAcTimeout%>);<%END%>
Related Topics LoginPage.thtml on page 79
heading
Contains default text for the different remediation headings.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code shows a heading and a message if the showHeading variable is true:
<% IF showHeading%><%heading%><%msg FILTER verbatim%><%END%>
Related Topics showHeading on page 136
help
String to use as the button name.
Object Type Template variable
Default value “Help”
Included In LoginPage.thtml, SecondaryLoginPage.thtml
LoginPage.thtmlUsage Optional
Example The string “Help” (the default value of the help variable) is displayed on the button.
Copyright © 2010, Juniper Networks, Inc.70
SA Series Custom Sign-in Pages
<input type='submit' name='help' value="<% help%>"
Related Topics Adding Custom Help Files on page 13
help_on
Flag that determines whether the help button should be displayed.
Object Type Template variable
Default value 0 (integer)
Included In Loginpage.thtml, SecondaryLoginPage.thtml
Loginpage.thtmlUsage Optional
Example The following code displays a help button if the help_on variable is true.
<% IF help_on%><input type='submit' name='help' value="<% help%>"onclick='window.open("welcome.cgi?p=help", "wndHelp","height=400,width=500,resizeable=yes,scrollbars=yes"); return false;'>
Related Topics Adding Custom Help Files on page 13
HideRemed( )
Submits the hidden form when the end-user clicks theHide Remediation button.
Object Type JavaScript function
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code calls the HideRemed() function:
<% IF showRemedOption%><input name="btnHideRemed" type="button"value="<% textRemedOption%>"onClick="HideRemed(); <%disabled%>"><%HC_REMED_SHOW_ADV_PREFS%><%END%>
Related Topics Remediate.thtml on page 119
71Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Home
References the top-level directory in the zip file.
Object Type Template variable
Included In All templates
Usage You can use this variable or the double-dot (..) convention to reference the top-level
directory.
Example Both of the following references are valid:
<%Home%>/images/logo.gif../images/logo.gif
Related Topics Using the Template Toolkit on page 13
ie
Boolean variable that indicates whether or not the browser is the Microsoft Internet
Explorer.
Object Type Template variable
Included In LoginMeeting.thtml
Usage Required
Example The following example checks to see if the browser is Internet Explorer, and if it is, enables
ActiveX.
<% IF ie%><OBJECT<%activex_ini FILTER verbatim%></OBJECT><%END%>
Related Topics ie_winxp on page 72
ie_winxp
Boolean indicating if the browser is Internet Explorer and the OS is Windows XP.
Object Type Template variable
Copyright © 2010, Juniper Networks, Inc.72
SA Series Custom Sign-in Pages
Included In PleaseWait.thtml
Usage Optional. The variable value is 1 if the browser is Internet Explorer and the OS is Windows
XP.
Example<% IF ie_winxp%>
Related Topics PleaseWait.thtml on page 111
install
Boolean indicating whether or not the meeting applet should be installed.
Object Type Template variable
Included In MeetingAppletInstaller.thtml, MeetingRun.thtml
Usage Required
Example<% IF install%>
Related Topics MeetingAppletInstaller.thtml on page 87•
• MeetingRun.thtml on page 88
instanceId
Contains the ID of the current meeting instance.
Object Type Template variable
Included In MeetingAppletInstaller.thtml
Usage Required
Example<PARAMNAME="Parameter0" VALUE="meeting_id=<% instanceId%>;user_name=<%username%>;cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>">
Related Topics MeetingAppletInstaller.thtml on page 87
instructions
Instructional text displayed to the user on the login page.
73Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Object Type Template variable
Default Value “Please sign in to begin your secure session”
Included In LoginPage.thtml
Usage Optional
Example <% instructions FILTER verbatim%>
Related Topics None
isLinux
Boolean indicating whether or not the end-user’s operating system is a Linux system.
Object Type Template variable
Included In PleaseWait.thtml
Usage Optional
Example<% isLinux%>
Related Topics PleaseWait.thtml on page 111
isSAMEnabled
Boolean indicating whether or not JSAM application is enabled and running.
Object Type Template variable
Included In Logout.thtml
Usage Optional. Allows the end-user to close the JSAM window.
Example The following code checks to see if JSAM is enabled and running. If it is, then the system
uses the JavaScript below to close the JSAM window:
<% IF isSAMEnabled%><!-- terminate JSAM --><SCRIPT LANGUAGE="JavaScript">var win = "<%user%>";win =win.replace(/[^0-9a-zA-Z]/g,"a");w =window.open("", win, "height=1,width=1");
Copyright © 2010, Juniper Networks, Inc.74
SA Series Custom Sign-in Pages
if (w) {w.bSessionClose = true;w.close();}</SCRIPT><%END%>
Related Topics Logout.thtml on page 85
keyboard.js
Enables keyboard types of functions for a mouseless environment.
Object Type JavaScript file
Included In LoginPage.thtml (Kiosk)
Usage Required in Kiosk zip. This template displays an error if the user signs out, if the user’s
session times out, or if Secure Access uninstalls Host Checker or Cache Cleaner from the
user’s system. For more detailed information, see “Logout.thtml” on page 85. You must
always include this template in your Kiosk.zip file.
Example None
Related Topics LoginPage.thtml on page 79
labelInstructions
Instructions tag, indicating a location for instructions to appear on the page.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Optional
Example The following code loops through a list of failed policies, displays each policy name and
remediation instructions:
<%FOREACH failedPolicy = listFailedPolicies%><% loop.count%><% failedPolicy.name%><% labelInstructions%><% failedPolicy.remediation FILTER verbatim%><%END%>
Related Topics Remediate.thtml on page 119
75Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
listFailedPolicies
Template Toolkit hash value of failed policies (keys: name and remediation).
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following example checks to see if the page should show failed policies and, if so,
loops through the list of failed policies (the hash list listFailedPolicies) and displays the
name of each policy along with label instructions and remediation instructions:
<% IF showPolicies%><%FOREACH failedPolicy = listFailedPolicies%><% loop.count%><% failedPolicy.name%><% labelInstructions%>:<% failedPolicy.remediation FILTER verbatim%><%END%>
Related Topics Remediate.thtml on page 119
loading
Contains default text to be printed when ActiveX/applet is loading.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Optional
Example The following code tests to see if the page is still loading and displays messages to the
end-user:
<% IF showLoading%><% loading%><%pleasewait%>
Related Topics Remediate.thtml on page 119
locale
Returns a locale that applies to an applet the page is attempting to upload.
Copyright © 2010, Juniper Networks, Inc.76
SA Series Custom Sign-in Pages
Object Type Template variable
Included In Logout.thtml, MeetingAppletInstaller.thtml, MeetingTrouble.thtml
Logout.thtmlUsage Required
Example The following code sets the HTML form locale based on the template variable:
<PARAMNAME="locale" VALUE="<% locale%>">
Related Topics safari on page 123
loginmode
Passes the user’s mode to the server using a hidden value.
Object Type HTML form field
Included In GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml,
NextToken.thtml, NextToken-ppc.thtml, Defender.thtml, Defender-ppc.thtml, SM-
NewPinSelect.thtml, SM-NewPinSelect-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewPinSystem-ppc.thtml, SM-NewUserPin.thtml, SM-NewUserPin-ppc.thtml, SM-
NextToken.thtml, SM-NextToken-ppc.thtml
Usage Required. Typically names a template directive that returns the user’s login mode from
a server.
Example The following code assigns the secure ID loginmode to the form field:
<INPUT type=hidden name="loginmode" value="<% secid_loginmode%>">
Related Topics secid_loginmode on page 124
Login()
Verifies that realms exist, remembers currently selected authentication realms, and
establishes the user’s time zone.
Object Type JavaScript function
Included In LoginPage.thtml , LoginPage-ppc.thtml
Usage Required. This function includes two actions:
• Remember the selected authentication realm—Use this action within the function if
you want to allow users to select from multiple realms in the sign-in page.
77Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• Establish the user’s time zone—Required. The function uses the tz_offset (time zone
offset) variable and getTimezoneOffset() function to determine the user’s time zone.
Examplefunction Login() {// Remember currently selected auth realmif (document.frmLogin.realm != null &&document.frmLogin.realm.type == "select-one") {SetLastRealm(document.frmLogin.realm.options
[document.frmLogin.realm.selectedIndex].text);}if (document.frmLogin.tz_offset != null) {var wdate = newDate (95, 12, 1);var sdate = newDate (95, 6, 1);var winter = (-1) * wdate.getTimezoneOffset();var summer = (-1) * sdate.getTimezoneOffset();document.frmLogin.tz_offset.value =winter < summer ?winter : summer;}return true;}
Related Topics LoginPage.thtml on page 79
LoginMeeting.thtml
Displays the user credentials form to enable a user to sign in to a meeting.
Object Type Template file
Usage Required in the uploadedMeeting.zip. This template provides a page on which the end-user
can enter credentials to gain access to a meeting.
The form action must specify login_meeting.cgi. The template includes the JavaScript
function grab(), which checks to see which type of browser the user is running, and if
ActiveX, Java, and cookies are enabled, depending on the browser type.
You can modify the alert contained in the required JavaScript. The alert is:
alert("Youmust enable cookies through yourWeb browser in order to sign into themeeting.");
Required Variables • “activex_ini” on page 44
• “cboxuser” on page 49
• “focus” on page 60
• “Home” on page 72
• “ie” on page 72
Copyright © 2010, Juniper Networks, Inc.78
SA Series Custom Sign-in Pages
• “mid” on page 92
• “mid_param” on page 93
• “occurrence” on page 102
• “username” on page 157
Example None
Related Topics grab() on page 66
LoginPage.thtml
Calls the RSA Soft ID client, enabling the user to sign into Secure Access using Soft ID
authentication.
Object Type Template
Usage Required. You must always include this template in your zip file. You must always include
LoginPage.thtml in your zip file, even if you are using an authentication server that does
not require a username or password. This is the standard Secure Access sign-in page
that collects the user’s name, password, and authentication realm, and displays an error
if authentication fails. For information about hiding this page from users authenticated
against a(n):
• Anonymous server, see “AnonymousAuthentication” on page 45
• Certificate server, see “CertificateAuthentication” on page 51
• eTrust SiteMinder server using client-side certificate authentication, see “Login()” on
page 77
LoginPage.thtml contains the following suggested form definition. In this form definition,
most elements are required:
<form name="frmLogin" action="login.cgi" method="post" autocomplete="off"onsubmit="return Login()">
Required Variables “LoginPageErrorMessage” on page 84
Example None
Related Topics Login() on page 77•
• LoginPage-ppc.thtml on page 80
79Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
LoginPage-ppc.thtml
Calls the RSA Soft ID client, enabling the user to sign into Secure Access using Soft ID
authentication. Pocket PC version of “LoginPage.thtml” on page 79.
Object Type Template
Usage Required. Unlike LoginPage.thtml, however, the Pocket PC version of this template
excludes the Account Disabled verification. If you are customizing any sign-in pages for
the Pocket PC, you must always include LoginPage-ppc.thtml in your zip file, even if you
are using an authentication server that does not require a username or password. This
is the standard Secure Access sign-in page that collects the user’s name, password, and
authentication realm, and displays an error if authentication fails. For information about
hiding this page from users authenticated against a(n):
• Anonymous server, see “AnonymousAuthentication” on page 45
• Certificate server, see “CertificateAuthentication” on page 51
• eTrust SiteMinder server using client-side certificate authentication, see “Login()” on
page 77.
Required Variables “LoginPageErrorMessage” on page 84
Example None
Related Topics LoginPage.thtml on page 79
LoginPageErrorArgs
Contains the arguments for an error or message.
Object Type Template variable
Included In GraceLoginUsed.thtml, GraceLoginUsed-ppc.thtml, PasswordExpiration.thtml,
PasswordExpiration-ppc.thtml
Usage Optional
Example In the following example,GraceLoginsRemaining is the argument to error code 2016. The
directive that contains LoginPageErrorArgs.GraceLoginsRemaining returns the number of
remaining login attempts Secure Access allows a user.
<% IF LoginPageErrorCode == 2016%>Your password has expired. A grace login was used.You have <%LoginPageErrorArgs.GraceLoginsRemaining%> grace loginsremaining.<%ELSE%>
Copyright © 2010, Juniper Networks, Inc.80
SA Series Custom Sign-in Pages
<%LoginPageErrorMessage%><%END%>
Related Topics LoginPageErrorCode on page 81
LoginPageErrorCode
Codes indicating errors that you can display to users.
Object Type Template variable
Included In ExceededConcurrent.thtml, GraceLoginUsed-ppc.thtml, GraceLoginUsed.thtml,
LoginPage.thtml, PasswordExpiration-ppc.thtml, PasswordExpiration.thtml, SSL.thtml
Usage Optional. Although this template variable is optional, you should leave intact the template
variables that are already included in the various templates. You can modify many of the
error messages, but you must leave the codes as defined. Secure Access returns these
codes on various conditions. Some may be no more than confirmation messages. Others
are conditions to which the user needs to respond.
Example The following example shows how you can use the Template Toolkit conditional
statements to define two alternate error conditions. In this example, the different error
codes display appropriate HTML pages. If Secure Access does not return either of the
error codes, the user never sees the two error pages.
<head><% IF LoginPageErrorCode == 1021%><meta http-equiv=” refresh” content=” 0;url=AcctDisabledError.html” >
Table 6 on page 81 lists possible errors that the user may see on this page as well as the
corresponding text returned by the LoginPageErrorMessage variable:
Table 6: Login Error Messages, Codes, and Related Notes
CommentsError CodeError message
Wrong user credentials.1002Invalid Username or Password
Client certificate not passed forauthentication.
1003This login requires a digital certificate.
1004The digital certificate is invalid.
1006Only admins are permitted to login.
The source IP failed the IPRestriction check.
1007Logins are not permitted from this IP address.
81Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Table 6: Login Error Messages, Codes, and Related Notes (continued)
CommentsError CodeError message
The User Agent header failedthe User Agent Restrictioncheck.
1008Logins are not permitted using this browser
Displayed if a realm is not sentto Secure Access. This error isonly displayed if a coding errorexists in LoginPage.thtml.
1009There are no auth servers defined for this user.
Exceeded the number ofconcurrent users based on theuser license plus a 10%allowance.
1010Exceeded the number of concurrent users.
1011The IP has been blocked due too manyconcurrent sign-in attempts.
The password failed thePassword Restriction check.When using eTrust auto-signon,the end-user should never seethis event.
1012The password is too short.
This site requires SecureSockets Layer (SSL) protocolversion 3.
1015Not using SSLv3
1016This site requires Strong ciphers.
The number of concurrent userssigned in to the system hasexceeded the system limit butis still within the 10%allowance.
1017Too many users have logged in
Displayed when a superadministrator is signed in andSecure Access is in recoverymode.
1018Sign on for administrators is disabled. You cantry again in a few minutes.
Only used with ACEauthentication.
1019Your New PIN has been saved. Please make sureto remember it.
Used with the passwordmanagement feature.
1020Password Change Success
Used with the passwordmanagement feature.
1021Account Disabled
Used with the passwordmanagement feature.
1022Account Locked Out
Copyright © 2010, Juniper Networks, Inc.82
SA Series Custom Sign-in Pages
Table 6: Login Error Messages, Codes, and Related Notes (continued)
CommentsError CodeError message
Used with the passwordmanagement feature.
1023Account Expired
End-user explicitly logged off.1024Secure Access session has been terminated.
This event can be triggeredwhen the client machine doesnot pass any realm restrictions(hence, no realm), or does notsatisfy any end-point securitypolicies (HC/CC).
1025You do not have permission to login.
Exceeded maximum number ofusers for this authenticationrealm.
1027This realm has reached the max session limit.
License required to use thisaccess method is missing.
1028Unlicensed Feature
Only used with eTrustSiteMinder authentication.
1029Access denied. Please try signing in again usinga host name (for example,https://department.yourcompany) instead ofan IP address (such as http://10.11.12.13)
The end-user is not allowed tosign in because the rolemapping rules of theauthentication realm do notmap the end-user to any role.
1030You do not have the correct privileges to accessthe system. Please contact your administratorfor more information.
The client certificate has beenrevoked.
1032Certificate has been revoked.
Secure Access encountered afailure while performing anOCSP check.
1033Cannot determine the status of your certificate.
Secure Access cannot accessany SAML assertion whileperforming SAML SSO. The useris prompted to access thesource site's Intersite TransferService to continue.
1034You must use your source site's Intersite TransferService to access this resource.
This event will be triggered onlywhen the feature is turned ON.The system limit is built-in 25user license plus any purchasedAdvanced Endpoint Defenseuser license.
1035The number of concurrent Advanced EndpointDefense (Malware Protection) users signed intothe system has exceeded the system limit.
83Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Related Topics LoginPageErrorMessage on page 84
LoginPageErrorMessage
Secure Access error message text that you can display to users.
Object Type Template variable
Included In ExceededConcurrent-ppc.thtml, ExceededConcurrent.thtml, GraceLoginUsed-ppc.thtml,
GraceLoginUsed.thtml, LoginPage-ppc.thtml, LoginPage.thtml, Logout-ppc.thtml,
Logout.thtml,PleaseWait.thtml,PasswordExpiration-ppc.thtml, PasswordExpiration.thtml,
SSL-ppc.thtml, SSL.thtmlUsage
ExceededConcurrent.thtml, GraceLoginUsed.thtml, LoginPage.thtml, Logout.thtml,
PleaseWait.thtml, PasswordExpiration.thtml, SSL.thtmlRequired. This text corresponds
with a code returned by LoginPageErrorCode. Note that you cannot change this text on
Secure Access, but you can include code in your template to display different text based
on the error code returned by the LoginPageErrorCode variable. You can also use the
variable in a directive to display an error message in a particular location or based on a
given event.
Example The following code prompts the user to re-enter credentials or to sign in at another time.
Note that the messages can be whatever you want them to be:
<% IF LoginPageErrorCode == 1002%><b> Your username or password is incorrect. Please reenter your credentials.</b><%ELSIF LoginPageErrorCode == 1006%><b> The system is undergoingmaintenance. Only administrators are allowedto sign in at this time.</b><%END%>
The following code tests the pleasewait condition and, if true, displays the Login page
error message that occurs as a result:
if (document.getElementById('pleasewait1')) {document.getElementById('pleasewait1').innerHTML ="<%LoginPageErrorMessage FILTER verbatim%>";}
Related Topics LoginPageErrorCode on page 81
login_required
Boolean indicating whether or not login to the meeting session is required.
Object Type Template variable
Copyright © 2010, Juniper Networks, Inc.84
SA Series Custom Sign-in Pages
Included In MeetingRunJava.thtml
Usage Required
Example The following example checks to see if login is required. If yes, then the page redirects
the user back to the meeting sign-in page:
<% IF login_required%>redirectParent();<%END%>
Related Topics MeetingRunJava.thtml on page 88
Logout.thtml
Displays an error if the user signs out, if the user’s session times out, or if Secure Access
uninstalls Host Checker or Cache Cleaner from the user’s system.
Object Type Template
Usage Required. You must always include Logout.thtml in your zip file.
This template contains JavaScript for detecting, stopping, installing, and uninstalling the
Host Checker and Cache Cleaner components, images and text to display to users while
Secure Access performs these actions, and JavaScript that closes and opens the J-SAM
window.
This template contains JavaScript for detecting, stopping, installing, and uninstalling
Host Checker components, as well as images and text to display to users while the
performs these actions.
This template also includes variables telling users to wait while components install, a
link that users can use to sign back into Secure Access, and error message variables.
When configuring the LoginPageErrorMessage variable included in this template, note
that the text that Secure Access displays to users corresponds with a code returned by
LoginPageErrorCode. You cannot change this text on Secure Access, but you can include
code in your template to display different text based on the error code returned by the
LoginPageErrorCode variable. For example:
<% IF LoginPageErrorCode == 1001%><b> Your secure gateway session has ended due to inactivity.</b><%END%>
Described below are the possible errors that the LoginPageErrorCode may return as well
as the corresponding text returned by the LoginPageErrorMessage variable:
85Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Table 7: Additional Login Error Messages and Codes
Error CodeError Message
1000Maximum Session Timeout Reached.
1001Idle Time Out.
For detailed information about the JavaScript and variables described here, see comments
in the template.
Required Variables • “delivery_mode” on page 56
• “geckoBrowser” on page 64
• “locale” on page 76
• “LoginPageErrorMessage” on page 84
• “nc_logging” on page 95
• “Netscape4xx” on page 99
• “pleasewaitLogoutJSCode” on page 112
• “PleaseWaitObjectCC” on page 113
• “pleasewaitWin32” on page 114
• “safari” on page 123
• “Setupappversion” on page 133
• “UninstallCC” on page 156
Example None
Related Topics Logout-ppc.thtml on page 86
Logout-ppc.thtml
Displays a message when the user signs out. Pocket PC version of “Logout.thtml” on
page 85.
Object Type Template
Usage This version of the logout template does not include any of the authentication and
application checks that Logout.thtml performs. When you visually compare the two files,
you can see that the Pocket PC version excludes all of the JavaScript functions for checking
application status.
Required Variables • “delivery_mode” on page 56
• “geckoBrowser” on page 64
Copyright © 2010, Juniper Networks, Inc.86
SA Series Custom Sign-in Pages
• “locale” on page 76
• “LoginPageErrorMessage” on page 84
• “nc_logging” on page 95
• “Netscape4xx” on page 99
• “pleasewaitLogoutJSCode” on page 112
• “PleaseWaitObjectCC” on page 113
• “pleasewaitWin32” on page 114
• “safari” on page 123
• “Setupappversion” on page 133
• “UninstallCC” on page 156
Example None
Related Topics Logout.thtml on page 85
MeetingAppletInstaller.thtml
Enables Secure Access to display list of and install meeting-related applets.
Object Type Template
Usage Required. The page displays troubleshooting messages if the applets do not install. You
cannot change the text, as Secure Access generates the troubleshooting messages. You
can, however, add links if you want to provide additional meeting-related applets to your
users. These applets are not covered by the certificate validation Secure Access performs
on Juniper-supplied applets.
Required Variables • “applet_ini” on page 45
• “cert_md5” on page 51
• “install” on page 73
• “instanceId” on page 73
• “locale” on page 76
• “ncp_read_timeout” on page 95
• “username” on page 157
• “startSessionReDir” on page 148
• text
• “troubleshooting” on page 153
• uninstallReDir
87Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example None
Related Topics MeetingRun.thtml on page 88•
• MeetingSelect.thtml on page 89
MeetingRun.thtml
Tests Sun JVM compatibility.
Object Type Template
Usage Required
Required Variables • errors
• “expired” on page 58
• “Home” on page 72
• “message” on page 92
• “mid” on page 92
• “occurrence” on page 102
• title
• “type” on page 154
• “username” on page 157
• “warnings” on page 158
Example None
Related Topics LoginMeeting.thtml on page 78
MeetingRunJava.thtml
Launches the Meeting Java client.
Object Type Template
Usage Required
Required Variables • “appstr” on page 46
• href
• “login_required” on page 84
• url
Copyright © 2010, Juniper Networks, Inc.88
SA Series Custom Sign-in Pages
Example None
Related Topics LoginMeeting.thtml on page 78
meetings
Returns an array of meetings that the MeetingSelect.thtml template uses as a way to
cycle through logins to active meetings.
Object Type Template variable
Included In MeetingSelect.thtml
Usage Required. You should not modify or delete this variable.
Example The following code returns a list of instantiated meetings:
<% IF rows%><%FOREACHmeeting =meetings%><input type="button" value=" > " onclick="self.location='/dana-na/meeting/<%signin%>login_meeting.cgi?mid=<%mid%>&occurrence=<%meeting.3%><%params%>'"><%started%><%meeting.0%><%meeting.1%><%meeting.2%><%END%><%END%>
Related Topics rows on page 122
MeetingSelect.thtml
Enables user to select recurring meeting occurrences.
Object Type Template
Usage Required
Required Variables • “meetings” on page 89
• “mid” on page 92
• “params” on page 105
• “rows” on page 122
• “started” on page 147
89Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• text
• title
Example None
Related Topics LoginMeeting.thtml on page 78
MeetingTestJava.thtml
Tests Sun JVM compatibility.
Object Type Template
Usage Required
Required Variables “mid” on page 92•
• “mid_param” on page 93
• “testjava_ini” on page 150
Example None
Related Topics LoginMeeting.thtml on page 78
MeetingTestJS.thtml
This is the first page in the platform compatibility checker sequence. Tests JavaScript
compatibility.
Object Type Template
Usage Required. If the end-user’s browser does not support JavaScript, or if they need to enable
JavaScript functionality in their browser, this template displays appropriate messages
depending on the browser type and the problem, and offers hints to address the problem.
Required Variables • “activex_ini” on page 44
• “mid” on page 92
• “mid_param” on page 93
• “win32” on page 158
Example None
Related Topics LoginMeeting.thtml on page 78
Copyright © 2010, Juniper Networks, Inc.90
SA Series Custom Sign-in Pages
MeetingTestMSJava.thtml
Tests Microsoft JVM compatibility.
Object Type Template
Usage Required
Required Variables “applet_ini” on page 45•
• “mid” on page 92
• “mid_param” on page 93
Example None
Related Topics LoginMeeting.thtml on page 78
MeetingTestResult.thtml
Displays Meeting test results.
Object Type Template
Usage Required
Required Variables • “check” on page 52
• “message” on page 92
• “remedy1” on page 121
• “remedy2” on page 121
Example None
Related Topics MeetingTestMSJava.thtml on page 91•
• MeetingTestJava.thtml on page 90
• MeetingTestJS.thtml on page 90
• MeetingTestResult.thtml on page 91
MeetingTrouble.thtml
Template Page for the Meeting Test Result page.
Object Type Template
91Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Usage Required
Required Variables • “Home” on page 72
• “locale” on page 76
• “mid” on page 92
• “midStr” on page 93
• “occurrence” on page 102
• “startSessionReDir” on page 148
• “type” on page 154
• “uninstall_action” on page 155
• “uninstallReDir” on page 156
Example None
Related Topics MeetingTestResult.thtml on page 91
message
Returns a message based on a server response.
Object Type Template variable
Included In MeetingRun.thtml, MeetingTestResult.thtml, SecondaryLoginPage.thtml,
SecondaryLoginPage-ppc.thtml
Usage Optional
Example<% IFmessage%><%message%><%END%>
Related Topics MeetingRun.thtml on page 88•
• MeetingTestResult.thtml on page 91
• SecondaryLoginPage.thtml on page 128
mid
Contains the meeting ID.
Object Type Template variable
Copyright © 2010, Juniper Networks, Inc.92
SA Series Custom Sign-in Pages
Included In LoginMeeting.thtml, MeetingRun.thtml, MeetingTestJava.thtml, MeetingTestJS.thtml,
MeetingTestMSJava.thtml, MeetingTrouble.thtml, PasswordChange-ppc.thtml,
PasswordChange.thtml
Usage Required
Example The following code assigns the meeting ID to a form input object:
<input type="hidden" name="mid" value="<%mid%>">
Related Topics LoginMeeting.thtml on page 78•
• MeetingRun.thtml on page 88
• MeetingTestJava.thtml on page 90
• MeetingTestJS.thtml on page 90
• MeetingTestMSJava.thtml on page 91
• MeetingTrouble.thtml on page 91
• PasswordChange.thtml on page 107
mid_param
Contains the URL parameters for the platform compatibility checker page.
Object Type Template variable
Included In LoginMeeting.thtml, MeetingTestJava.thtml, MeetingTestJS.thtml,
MeetingTestMSJava.thtml
Usage Required
Example The following code passes the meeting ID URL to the JavaScript compatibility CGI:
<a href="/dana-na/meeting/<% signin%>meeting_testjs.cgi<%mid_param%>">CheckMeeting Compatibility
Related Topics mid on page 92
midStr
Contains the URL parameter for the meeting.
Object Type Template variable
Included In MeetingTrouble.thtml
93Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Usage Required
Example The following line shows how the midStr variable is appended to a CGI URL, to send the
user to the correct compatibility checker for the current meeting.
“Use the <a href="/dana-na/meeting/meeting_testjs.cgi<%midStr%>">compatibility checker</a> to see if you need to upgrade any of yourcomponents.”
Related Topics MeetingTrouble.thtml on page 91
MinimumPasswordLength
Argument for error code 2006. The argument is the minimum length of password required.
Object Type Template variable
Included In PasswordChange.thtml , PasswordChange-ppc.thtml
Usage Optional
Example None
Related Topics LoginPageErrorCode on page 81•
• PasswordChange.thtml on page 107
msg
Contains any extra remediation related default instructions.
Object Type Template variable
Included In Remediate.thtml
Usage Optional
Example The following code checks to see if a heading is to be shown. If yes, then the page displays
the heading, followed by any remediation message that might be available.
<% IF showHeading%><%heading%><%msg FILTER verbatim%><%END%>
Related Topics Remediate.thtml on page 119
Copyright © 2010, Juniper Networks, Inc.94
SA Series Custom Sign-in Pages
nc_logging
Initiates Network Connect logging.
Object Type Template variable
Included In Logout.thtml
Usage Optional. Available when the user signs out of a session from a Macintosh Safari browser.
Network Connect logging is initiated and the log captured.
Example None
Related Topics safari on page 123
ncp_read_timeout
Determines the read timeout value over the Network Control Protocol.
Object Type Template variable
Included In MeetingAppletInstaller.thtml
Usage Required. Passed to MeetingAppletInstaller.thtml when it installs a meeting applet.
Example<% IF install%><APPLET<%applet_ini FILTER verbatim%><PARAMNAME="Parameter0"
VALUE="meeting_id=<%instanceId%>;user_name=<%username%>;cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>"><PARAMNAME="StartSessionReDir" VALUE="<%startSessionReDir%>"><PARAMNAME="UninstallReDir" VALUE="<%uninstallReDir%>"><PARAMNAME="locale" VALUE="<%locale%>">
</APPLET>
Related Topics MeetingAppletInstaller.thtml on page 87
netacekey
Passes the user’s eTrust ACE key to the server using a hidden value.
Object Type HTML form field
Included In SM-NewUserPin.thtml, SM-NewPinSelect.thtml, SM-NextToken.thtml
95Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Usage Required. The form assigns the netesecid_key value to netacekey.
Example The following example shows the use of netacekey in the INPUT statement:
<INPUT type=hidden name="neteacekey" value="<%netesecid_key%>">
Related Topics netesecid_key on page 96
netesecid_key
Contains the user’s eTrust ACE key.
Object Type Template variable
Included In SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
SM-NewPinSelect.thtml,SM-NextToken.thtml,
Required. The value is passed by the page to the server.
SM-NewPinSystem.thtml,SM-NewUserPin.thtmlUsage
Example The following example shows the use of netesecid_key in the INPUT statement:
<INPUT type=hidden name="neteacekey" value="<%netesecid_key%>">
Related Topics netacekey on page 95
netesecid_loginmode
Returns a value of Next Token mode or New PIN mode.
Object Type Template variable
Included In SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Required. You must send this value to the server, but if you do not want to expose it to
the user, you may send it as a hidden form field.
Example The following hidden INPUT statement sets the login mode based on the
netesecid_loginmode variable.
<INPUT type=hidden name="loginmode" value="<%netesecid_loginmode%>">
Copyright © 2010, Juniper Networks, Inc.96
SA Series Custom Sign-in Pages
Related Topics loginmode on page 77
netesecid_pinerr
Error code and corresponding message that informs the user that he mis-entered his
PIN.
Object Type Template variable
Included In SM-NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Optional
Example The following code checks the value of netesecid_pinerr, a boolean, to see if the PIN the
user enters matches the PIN on the authentication server:
<% IF netesecid_pinerr == 0%><IMG border='0' src='imgs/custom-loginfo.gif' alt='Info' width='21' height='20'>NewPIN Assignment<%ELSIF netesecid_pinerr == 1%>The Two PINs Entered Do NotMatch<%END%>
Related Topics SM-NewUserPin.thtml on page 141
netesecid_realm
The user’s realm.
Object Type Template variable
Included In SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Optional
Example The following code shows the configuration of the page based on various server-provided
values:
<FORM name="frmNewPin" action="login.cgi" method="POST"autocomplete=off><INPUT type=hidden name="loginmode" value="<%netesecid_loginmode%>"><INPUT type=hidden name="realm" value="<%netesecid_realm%>"><INPUT type=hidden name="neteacekey" value="<%netesecid_key%>">
Related Topics SM-NewUserPin.thtml on page 141•
97Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• SM-NextToken.thtml on page 142
netesecid_username
The user’s username.
Object Type Template variable
Included In SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Optional
Example The following INPUT statement assigns the netesecid_username to the form username
field:
<INPUT type="text" name="username" value="<%netesecid_username%>">
Related Topics netesecid_realm on page 97
netesecidactionCancel
Cancels a eTrust secure ID action currently in progress.
Object Type HTML form field
Included In SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Required. The value of either this field or of netesecidactionEnter must be sent to the
server:
<INPUT type="submit" value="Cancel" name="netesecidactionCancel">
Related Topics netesecidactionEnter on page 98
netesecidactionEnter
Initiates the submission of the current eTrust secure ID action.
Object Type HTML form field
Copyright © 2010, Juniper Networks, Inc.98
SA Series Custom Sign-in Pages
Included In SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Required. The value of either this field or of netesecidactionCancelmust be sent to the
server.
Example<INPUT type="submit" value="Enter" name="netesecidactionEnter">
Related Topics netesecidactionCancel on page 98
Netscape4xx
Checks for Netscape version 4.x browser.
Object Type Template variable
Included In Logout.thtml
Usage Required. Checks to see if the user’s browser is Netscape version 4.x. If so, then, on logout,
error messages are passed to the page in a compatible way.
Example None
Related Topics Logout.thtml on page 85
NewPin.thtml
Prompts ACE users to enter a new PIN or create a system-generated PIN before signing
into Secure Access.
Object Type Template
Usage Required. When configuring the secid_pinselectmode variable (which sets the user’s PIN
select mode), note that possible values include:
Table 8: PIN Error Messages
DescriptionMode
User must use the system-generated PIN. He cannot enter his own PIN.0
User may enter his own PIN or use the system-generated PIN.1
User must enter his own PIN. He cannot use the system-generated PIN.2
99Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
When configuring the secid_pinserr variable (which stores the error code and message
that informs the user if he mis-entered his PIN), note that possible values include:
Table 9: Additional PIN Error Messages
ValueCode
New PIN is required.0
The two PINs entered do not match.1
PIN Format is invalid.2
PIN length is invalid.3
Required Variables “secid_contextid” on page 124•
• “secid_loginmode” on page 124
Example None
Related Topics NewPin-ppc.thtml on page 100
NewPin-ppc.thtml
Prompts ACE users to enter a new PIN or create a system-generated PIN before signing
into Secure Access. Pocket PC version of “NewPin.thtml” on page 99.
Object Type Template
Usage Required. This template When configuring the secid_pinselectmode variable (which sets
the user’s PIN select mode), note that possible values include:
Table 10: PIN Error Messages
DescriptionMode
User must use the system-generated PIN. He cannot enter his own PIN.0
User may enter his own PIN or use the system-generated PIN.1
User must enter his own PIN. He cannot use the system-generated PIN.2
When configuring the secid_pinserr variable (which stores the error code and message
that informs the user if he mis-entered his PIN), note that possible values include:
Copyright © 2010, Juniper Networks, Inc.100
SA Series Custom Sign-in Pages
Table 11:
ValueCode
New PIN is required.0
The two PINs entered do not match.1
PIN Format is invalid.2
PIN length is invalid.3
Required Variables “secid_contextid” on page 124•
• “secid_loginmode” on page 124
Example None
Related Topics NewPin.thtml on page 99
NextToken.thtml
Prompts the user to verify his credentials by entering his SecureID token code.
Object Type Template
Usage Optional. Although this template is optional, you should always include it in the zip file
that you upload to Secure Access.
Required Variables “secid_contextid” on page 124•
• “secid_loginmode” on page 124
Example None
Related Topics NextToken-ppc.thtml on page 101
NextToken-ppc.thtml
Prompts the user to verify his credentials by entering his SecureID token code. Pocket
PC version of “NextToken.thtml” on page 101.
Object Type Template
Usage Optional. Although this template is optional, you should always include it in the zip file
that you upload to Secure Access.
101Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Required Variables “secid_contextid” on page 124•
• “secid_loginmode” on page 124
Example None
Related Topics NextToken.thtml on page 101
occurrence
Contains the recurring meeting occurrence ID.
Object Type Template variable
Included In LoginMeeting.thtml, MeetingRun.thtml, MeetingSelect.thtml, MeetingTrouble.thtml
Usage Required
Example The following code shows how the occurrence variable is used in an INPUT statement:
<input type="hidden" name="occurrence" value="<%occurrence%>">
Related Topics mid on page 92
onsubmit
Event trigger in a form.
Object Type HTML form element
Included In GeneratePin-ppc.thtml, GeneratePin.thtml, LoginPage-ppc.thtml, LoginPage.thtml,
NewPin-ppc.thtml, NewPin.thtml, NextToken-ppc.thtml, NextToken.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml
Usage Required if you are using Secure Meeting) Returns the time zone offset value set by the
Login() function.
Example The following code shows a typical use of onsubmit:
onsubmit="return Login()"
Related Topics None
Copyright © 2010, Juniper Networks, Inc.102
SA Series Custom Sign-in Pages
p
Specifies the page name as CASQUEAPP.
Object Type HTML form field
Included In Defender.thtml , Defender-ppc.thtml
Usage Required
Example The following code assigns the value CASQUEAPP to the form INPUT field p:
<INPUT type=hidden name="p" value="casqueapp">
Related Topics secid_challenge on page 123
PageErrorArgs
Contains the arguments for an error or message.
Object Type Template variable
Included In PasswordChange.thtml , PasswordChange-ppc.thtml
Usage Optional
Example The following code checks to see if a password length error occurs, then displays an
informational message:
<% IF PageErrorCode == 2015%>New passwordmust not be longer than<%PageErrorArgs.MaximumPasswordLength%> characters.
Related Topics PageErrorCode on page 103•
• PasswordChange.thtml on page 107
PageErrorCode
Contains the error code in case of an error or message.
Object Type Template variable
Included In LoginPage.thtml, PasswordChange-ppc.thtml, PasswordChange.thtml
Usage Optional
103Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Table 12: Page Error Codes
Error messageError Code
Password Change Success1020
Account Disabled1021
Account Locked out1022
Account Expired1023
Password Mismatch2001
Invalid Password2002
Password Change not allowed2003
Password too new2004
Password too short2006
Password too trivial2007
Password exists in password history2008
Password Expired Message2009
Password must change at next logon message2010
Password does not meet complexity requirements2011
Could not connect to auth server to change password2012
Password change failed2013
Password successfully changed2014
Password will expire in some amount of time2015
You have some number of grace logins.2016
For more errors and messages, see “LoginPageErrorCode” on page 81 and
“LoginPageErrorMessage” on page 84.
Example You cannot change the messages that appear in Table 12 on page 104, but you can create
your own messages and include them in your customized pages. For example:
<% IF PageErrorCode == 2009%>
Copyright © 2010, Juniper Networks, Inc.104
SA Series Custom Sign-in Pages
Your password has expired. Please contact your system administrator.<%END%>
Related Topics LoginPageErrorCode on page 81•
• LoginPageErrorMessage on page 84
params
Contains parameters required to sign in to a meeting.
Object Type Template variable
Included In MeetingSelect.thtml
Usage Required.
Example The following code fills the form with the names of available meeting instances:
<% IF rows%><%FOREACHmeeting =meetings%><input type="button" value=" > "onclick="self.location='/dana-na/meeting/<%signin%>login_meeting.cgi?mid=<%mid%>&occurrence=<%meeting.3%><%params%>'"><%started%><%meeting.0%><%meeting.1%><%meeting.2%><%END%><%END%>
Related Topics MeetingSelect.thtml on page 89
password
Indicates the password for an optional JavaScript function in theDefender.thtml template.
Object Type JavaScript variable
Included In Defender.thtml
Usage Optional
Example The header of Defender.thtml contains the following optional function to automatically
place the cursor in the password field of the Defender page. If you choose to include this
function in the header, you must also call it from the body of Defender.thtml. Also note
that you should not change the JavaScript function name, form name, or form field name
and that the form and form fields should have the same name.
105Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
function FinishLoad() {document.frmDefender.>password.focus();}
Related Topics FinishLoad() on page 59
password
Sets an HTML form field as a password field.
Object Type Input form field
Included In LoginPage.thtml,NewPin-ppc.thtml,NewPin.thtml,NextToken-ppc.thtml, NextToken.thtml,
LoginMeeting.thtml, Defender-ppc.thtml, Defender.thtml, PasswordChange-ppc.thtml,
PasswordChange.thtml, SM-NewPinSelect-ppc.thtml, SM- NewPinSelect.thtml,
SM-NewPinSystem-ppc.thtml, NewPinSystem.thtml, SM- NewUserPin-ppc.thtml,
SM-NewUserPin.thtml,SM-NextToken-ppc.thtml,SM-NextToken.thtml,GeneratePin.thtml
Usage This field is required for all types of authentication servers except anonymous servers
and certificate servers.
Example The following code assigns the password field:
<input type="password" name="password">
Related Topics LoginPage.thtml on page 79•
• password2 on page 106
password2
Verified password.
Object Type HTML form field
Included In NewPin-ppc.thtml, NewPin.thtml, SM-NewPinSelect-ppc.thtml, SM-NewPinSelect.thtml,
SM-NewUserPin-ppc.thtml, SM-NewUserPin.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, GeneratePin.thtml
Usage Required. The password2 and password fields pass the password and verified password
that the user enters to the server for verification.
Example The value of the following fields must match:
<INPUT type="password" name="password"><INPUT type="password" name="password2">
Copyright © 2010, Juniper Networks, Inc.106
SA Series Custom Sign-in Pages
“password” on page 106
PasswordChange.thtml
Notifies the user that his password is due to expire and prompts him to change it.
Object Type Template
Usage Optional. Note that the changePasswordTitle variable in this template specifies whether
the changed password is for the user’s primary or secondary authentication server. When
you include this variable in your template, Secure Access adds a title to the standard
old/new/confirm password text boxes specifying whether the user must change his
primary or secondary password.
Optional. When you include the adds a title to the standard old/new/confirm password
text boxes specifying whether the user must change his password.The
showChangePasswordTitlevariable indicates whether or not to show the change password
text. The variable value is true if primary and secondary authentication both exist in the
login process. The changePasswordTitle variable is a regular text (title) message that
indicates whether the password change page is for a primary or a secondary password.
Without this variable, the password change page only displays the old/new/confirm
password text boxes and a message above, suggesting that the user change password.
With the changePasswordTitle variable, the password change page displays the
old/new/confirm password text boxes, a message above suggesting that the user change
password, and another heading at the top of that page, stating Change Primary (orSecondary) Password.
Required Variables None
Example None
Related Topics changePasswordTitle on page 52•
• PasswordChange-ppc.thtml on page 107
• showChangePasswordTitle on page 135
PasswordChange-ppc.thtml
Notifies the user that his password is due to expire and prompts him to change it. Pocket
PC version of “PasswordChange.thtml” on page 107.
Object Type Template
Usage Optional. Unlike the PasswordChange.thtml template, does not include a password
maximum length check.
Note that thechangePasswordTitlevariable in this template specifies whether the changed
password is for the user’s primary or secondary authentication server. When you include
107Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
this variable in your template, Secure Access adds a title to the standard old/new/confirm
password text boxes specifying whether the user must change his primary or secondary
password.
Required Variables None
Example None
Related Topics PasswordChange.thtml on page 107
PasswordComplexityMessage
The password complexity message.
Object Type Template variable
Included In PasswordChange-ppc.thtml, PasswordChange.thtml
Usage Optional. Argument for error code 2011.
Example The following code notifies the user that the password does not meet complexity
requirements:
<% IF PageErrorCode == 2011%>New password not complex enough.Must consist of <%PageErrorArgs.PasswordComplexityMessage>%>characters.<%END%>
Related Topics PageErrorArgs on page 103•
• PageErrorCode on page 103
PasswordExpiration.thtml
Notifies the user that his password has expired and prompts him to change it.
Object Type Template
Usage Optional
Required Variables “startPageLink” on page 147
Example None
Related Topics PasswordExpiration-ppc.thtml on page 109
Copyright © 2010, Juniper Networks, Inc.108
SA Series Custom Sign-in Pages
PasswordExpiration-ppc.thtml
Notifies the user that his password has expired and prompts him to change it. Pocket PC
version of “PasswordExpiration.thtml” on page 108.
Object Type Template
Usage Optional. With minor exceptions in format, this template is identical to
PasswordExpiration.thtml.
Required Variables “startPageLink” on page 147
Example None
Related Topics PasswordExpiration.thtml on page 108
PasswordExpirationFriendlyTime
Message displaying how soon password expires.
Object Type Template variable
Included In PasswordExpiration.thtml , PasswordExpiration-ppc.thtml
Usage Argument for error code 2015. Shows time in days, hours, and minutes.
Example The following code checks for error code 2015, and displays a message containing the
time remaining before the password expires:
<% IF LoginPageErrorCode == 2015%>Password expires in<% LoginPageErrorArgs.PasswordExpirationFriendlyTime%>.<%END%>
Related Topics LoginPageErrorArgs on page 80•
• LoginPageErrorCode on page 81
• PasswordExpirationSeconds on page 109
PasswordExpirationSeconds
The number of seconds in which the current user’s password will expire.
Object Type Template variable
Included In PasswordExpiration.thtml
109Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Usage Optional. Argument for error code 2015.
Example The following code indicates that the user’s password will expire in a certain number of
seconds:
<% IF LoginPageErrorCode == 2015%>Password will expire in<% LoginPageErrorArgs.PasswordExpirationSeconds%> seconds.<%END%>
Related Topics LoginPageErrorArgs on page 80•
• LoginPageErrorCode on page 81
• PasswordExpirationFriendlyTime on page 109
PasswordHistoryLength
The length of the list of passwords the system has saved for a given end-user.
Object Type Template variable
Included In PasswordChange-ppc.thtml, PasswordChange.thtml
Usage Optional. Argument for error code 2008. Some authentication systems save passwords
and do not allow an end-user to assign the same password twice in succession, within
a certain amount of elapsed time, or as long as the password still exists in the password
history list.
Example The following code shows the use of PasswordHistoryLength:
<% IF PageErrorCode == 2008%>New passwordmust not repeat previous<%PageErrorArgs.PasswordHistoryLength%> passwords.
Related Topics PasswordComplexityMessage on page 108
pleasewait
Default text printed to the page when either ActiveX or an applet is loading.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Copyright © 2010, Juniper Networks, Inc.110
SA Series Custom Sign-in Pages
Example The following code shows a table containing two directives. The first, the loading directive,
tests whether or not ActiveX or an applet is loading. If yes, then the pleasewait directive
displays a message, prompting the user to wait.
<% loading%><%pleasewait%>
Related Topics loading on page 76•
• Remediate.thtml on page 119
PleaseWait.thtml
Displays a page asking the user to wait while application components install or uninstall.
Object Type Template
Usage Optional. This template differs from the standardPleaseWait.thtml template in the types
and degree of validation and status checking performed while you wait. You may choose
to customize this template if you have configured Host Checker or Cache Cleaner at the
realm level. Use this page to control Host Checker and Cache Cleaner starts during
pre-authentication and post-authentication.
This template contains JavaScript for detecting, stopping, installing, and uninstalling the
Host Checker and Cache Cleaner components as well as images and text to display to
users while Secure Access performs these actions. This template also contains JavaScript
that periodically checks the user’s status to determine if Host Checker or Cache Cleaner
is loaded on his system and redirects him to the sign-in page (welcome.cgi) if necessary.
For detailed information about the JavaScript and variables described here, see comments
in the template.
Required Variables “LoginPageErrorMessage” on page 84•
• “PleaseWaitObjectCC” on page 113
Example None
Related Topics Logout.thtml on page 85•
• PleaseWait-ppc.thtml on page 111
PleaseWait-ppc.thtml
Displays a page asking the user to wait while application components install or uninstall.
Pocket PC version of “PleaseWait.thtml” on page 111.
Object Type Template
111Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Usage Optional. This template differs from the standardPleaseWait.thtml template in the types
and degree of validation and status checking performed while you wait. You may choose
to customize this template if you have configured Host Checker or Cache Cleaner at the
realm level. Use this page to control Host Checker and Cache Cleaner starts during
pre-authentication and post-authentication.
This template contains JavaScript for detecting, stopping, installing, and uninstalling the
Host Checker and Cache Cleaner components as well as images and text to display to
users while Secure Access performs these actions. This template also contains JavaScript
that periodically checks the user’s status to determine if Host Checker or Cache Cleaner
is loaded on his system and redirects him to the sign-in page (welcome.cgi) if necessary.
This template also includes variables telling users to wait while components install, an
error message variable, a variable storing the time that the page is first loaded, and a
status variable for the Host Checker and Cache Cleaner components.
For detailed information about the JavaScript and variables described here, see comments
in the template.
Required Variables “LoginPageErrorMessage” on page 84•
• “PleaseWaitObjectCC” on page 113
Example None
Related Topics Logout.thtml on page 85•
• PleaseWait.thtml on page 111
pleasewaitLogoutJSCode
JavaScript code for pleasewait logout.
Object Type Template variable
Included In Logout.thtml
Usage Required
Example The following code shows the variable passed to the page verbatim, prior to the script
section of the HTML page:
<html><head><meta http-equiv="Content-Language"><meta http-equiv="Content-Type" content="text/html">
Copyright © 2010, Juniper Networks, Inc.112
SA Series Custom Sign-in Pages
<meta name=robots content="none"><title>Instant Virtual Extranet</title>
<%pleasewaitLogoutJSCode FILTER verbatim%><%IF pleasewaitObjectHCOR pleasewaitObjectCCOR pleasewaitWin32%><%IFpleasewaitObjectHCORpleasewaitWin32%><SCRIPTLANGUAGE="JavaScript">
Related Topics Logout.thtml on page 85•
• PleaseWaitObjectCC on page 113
• pleasewaitWin32 on page 114
PleaseWaitObjectCC
If a Cache Cleaner object is enabled, this variable contains the Cache Cleaner object tag.
Object Type Template variable
Included In Logout.thtml, PleaseWait.thtml
Usage Required
Example The following code checks to see if the Cache Cleaner object is enabled. If so, the code
displays a message:
<%IF pleasewaitObjectCC%><span><div id="cc">Cache Cleaner Component</div></span><%END%>
Related Topics Logout.thtml on page 85•
• PleaseWait.thtml on page 111
• PleaseWaitObjectHC on page 113
• pleasewaitWin32 on page 114
PleaseWaitObjectHC
If a Host Checker object is enabled, this variable contains the Host Checker object tag.
Object Type Template variable
Included In Logout.thtml, PleaseWait.thtml
Usage Required
Example The following code checks to see if the Host Checker object is enabled. If so, the code
displays a message:
113Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
<%IF pleasewaitObjectHC%><span><div id="cc">Host Checker Component</div></span><%END%>
Related Topics PleaseWait.thtml on page 111•
• PleaseWaitObjectCC on page 113
• pleasewaitWin32 on page 114
pleasewaitWin32
Boolean indicating that you must stop one or more Win32 components from the logout
page.
Object Type Template variable
Included In Logout.thtml
Usage Required. Set to 1 if any components need to be stopped.
Example The following code checks to see if any of the components are causing Secure Access
to display a Please Wait message and if the components are java-based. If yes, the code
calls the stopComponents() JavaScript function to stop the component.
<% IF (pleasewaitObjectCC || pleasewaitObjectHC || pleasewaitWin32) &&delivery_mode == 'java'%>onload="javascript:stopComponents()"<%END%>
Related Topics PleaseWait.thtml on page 111•
• PleaseWaitObjectCC on page 113
• PleaseWaitObjectHC on page 113
• stopComponents() on page 148
plugintype
Provides the information about type of defender server application.
Object Type Template variable
Included In Defender.thtml
Usage Optional. Valid value is CASQUEAPP. Secure Access sets the plugintype variable to
CASQUEAPP when finding a Casque RADIUS server.
Copyright © 2010, Juniper Networks, Inc.114
SA Series Custom Sign-in Pages
Example The following code loads the frmCasque HTML form if the plugintype contains the value
CASQUEAPP:
<% IF plugintype == 'CASQUE'%><form name="frmCasque"method="POST" autocomplete=off><INPUT type=hidden name="cval" value="<% secid_challenge%>"><INPUT type=hidden name="p" value="casqueapp"><a href="#" onClick="submitFrmCasque(); return false;">LAUNCHCASQUE PLAYER</a><BR></form>
Related Topics Defender.thtml on page 56•
• frmCasque on page 61
portal
User interface string that displays the sign-in page’s portal name.
Object Type Template variable
Default Value Secure SSL VPN
Included In LoginPage.thtml, LogoutPage.thtml,SSL.thtml,SecondaryLoginPage.thtml, Logout.thtml,
Defender.thtml, ExceededConcurrent.thtml, GeneratePin.thtml, NewPin.thtml,
NextToken.thtml, ShowSystemPin.thtml
Usage Optional
Example <% portal FILTER verbatim %>
Related Topics None
prompts
Contains display information for username/password prompts.
Object Type Template variable
Included In LoginPage-ppc.thtml, LoginPage.thtml, NewPin.thtml, NextToken.thtml, Defender-
ppc.thtml, Defender.thtml, SecondaryLoginPage-ppc.thtml, SecondaryLoginPage.thtml,
SM-NewPinSelect.thtml, SM-NewUserPin.thtml, SM-NextToken.thtml
Usage Required when including SecondaryLoginPage.thtml template in your zip file to collect
secondary authentication credentials. The prompt variable is a hash list used to display
primary and/or secondary username and password prompts in the sign-in page. You can
use the prompts variable instead of hardcoding username and password labels.
115Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
If you want to prompt the user to enter secondary sign-in credentials, and you do not
include the prompts variable in your template, Secure Access brings up a secondary
sign-in page to collect the user’s secondary credentials. If you include thepromptsvariable,
Secure Access collects the secondary credentials along with the primary credentials in
the main sign-in page.
Example The following example is a required piece of code in the SecondaryLoginPage.thtml
template:
<%FOREACH prompt = prompts%><%NEXT IF !prompt.required%><%prompt.promptText%><input type="<%prompt.type%>" name="<%prompt.name%>"size="20"><%END%>
Related Topics NoneSecondaryLoginPage.thtml on page 128
realm
Returns name of the current user’s realm.
Object Type HTML form field
Included In LoginPage-ppc.thtml, LoginPage.thtml, SM-NewPinSelect-ppc.thtml, SM-
NewPinSelect.thtml, SM-NewPinSystem-ppc.thtml, SM-NewPinSystem.thtml, SM-
NewUserPin-ppc.thtml, SM-NewUserPin.thtml, SM-NextToken-ppc.thtml, SM-
NextToken.thtml, GeneratePin.thtml, NewPin.thtml
Usage Required. Login.cgi passes the realm value posted here to the appropriate authentication
server. See example below.
Example The following example appears in several template files:
<% IF RealmList.size == 0%><td>LoginRealm</td><td> </td><td><input type="text" name="realm" size="20"></td><%ELSIF RealmList.size == 1%><input type="hidden" name="realm" value="<%RealmList.0%>"><%ELSE%><td>LoginRealm</td><td> </td><td><select size="1" name="realm"><%FOREACH r = RealmList%><option value="<% r%>" ><% r%></option>
Copyright © 2010, Juniper Networks, Inc.116
SA Series Custom Sign-in Pages
<%END%></select>
If you only associate one realm with a URL, and you want to eliminate the realm text box
and realm list box altogether, you can eliminate this code with the exception of the
following line:
<input type="hidden" name="realm" value="<%RealmList.0%>">
You must include this line. Secure Access populates this variable with the correct value.
You can use this approach if you are sure that only one realm is associated with the
sign-in URL.
Related Topics RealmList on page 117
realm
User interface label for the string “realm” .
Object Type Template variable
Default value Realm
Included In LoginPage.thtml
Usage Optional
Example In the following example, if no list of realms is available, display a textbox for the user to
enter their realm. The realm variable is a label for the textbox.
<% IF RealmList.size == 0%><% realm%><input type="text" name="realm" value="" size="20">
Related Topics RealmList on page 117
RealmList
List of realms available to the user.
Object Type Template variable
Included In LoginPage.thtml, LoginPage-ppc.thtml, GeneratePin.thtml, NewPin.thtml
Usage Optional. If you use theRealmList variable in the LoginPage.thtml template, the following
rules apply:
• If RealmList.size = 0, then allow the user to type the realm name into a text box.
117Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• If RealmList.size => 1, then allow the user to choose the realm name from a list box.
Example The following example from LoginPage.thtml shows RealmList being used as an index
in a foreach loop that returns the available realms.
<%FOREACH r = RealmList%><option value="<% r%>" ><% r%></option><%END%>
Related Topics CertificateAuthentication on page 51•
• realm on page 116
recallLastRealmUsed()
Use this function if you want to allow users to select from multiple realms in the sign-in
page.
Object Type JavaScript function
Included In LoginPage.thtml, LoginPage-ppc.thtml
Usage Optional
Example The function checks that a realm exists and then gets the last selected authentication
realm.
function recallLastRealmUsed() {if (document.frmLogin.realm != null &&document.frmLogin.realm.type == "select-one") {// try to remember which auth realmwas last usedvar sLastRealm =GetCookieValue("lastRealm");if (sLastRealm.length > 0) {var cmb = document.frmLogin.realm;var nNumRealms = cmb.options.length;for (var n=0; n < nNumRealms; n++) {if (cmb.options[n].text == sLastRealm) {cmb.selectedIndex = n;}}}}}
Related Topics FinishLoad() on page 59
Copyright © 2010, Juniper Networks, Inc.118
SA Series Custom Sign-in Pages
redirect()
Redirects the page to a compatibility checking page.
Object Type JavaScript function
Included In MeetingRunJava.thtml, MeetingTestMSJava.thtml, MeetingTestJava.thtml
Usage Optional
Example The following two code samples show how the redirect() function redirects to a meeting
page generated by a given CGI file:
From MeetingTestMSJava.thtml:
function redirect () {document.location.replace("/dana-na/meeting/<%signin%>meeting_testjava.cgi?<%mid_param%>")}
From MeetingTestJava.thtml:
function redirect () {document.location.replace("/dana-na/meeting/<%signin%>meeting_testresult.cgi?<%mid_param%>")}
Related Topics MeetingTestMSJava.thtml on page 91•
• MeetingRunJava.thtml on page 88
• MeetingTestJava.thtml on page 90
• MeetingTestJS.thtml on page 90
Remediate.thtml
Provides the user with the ability to fix the Host Checker starts during pre-authentication
and post-authentication, before the Welcome page displays.
Object Type Template
Usage Optional. If you have enabled Host Checker remediation, this page appears before/after
the sign-in page and displays messages to the user when Host Checker policies with
custom instructions have failed.
Required Variables • “listFailedPolicies” on page 76
• “showButtons” on page 134
119Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
• “showClose” on page 135
• “showContinue” on page 136
• “showHeading” on page 136
• “showLoading” on page 137
• “showPolicies” on page 137
• “showRemedOption” on page 137
• “showTryAgain” on page 138
Example None
Related Topics Remediate-ppc.thtml on page 120
Remediate-ppc.thtml
Provides the user with the ability to fix the Host Checker starts during pre-authentication
and post-authentication, before the Welcome page displays. Pocket PC version of
“Remediate.thtml” on page 119.
Object Type Template
Usage Optional. If you have enabled Host Checker remediation, this page appears before/after
the sign-in page and displays messages to the user when Host Checker policies with
custom instructions have failed.
Required Variables • “listFailedPolicies” on page 76
• “showButtons” on page 134
• “showClose” on page 135
• “showContinue” on page 136
• “showHeading” on page 136
• “showLoading” on page 137
• “showPolicies” on page 137
• “showRemedOption” on page 137
• “showTryAgain” on page 138
Example None
Related Topics Remediate.thtml on page 119
Copyright © 2010, Juniper Networks, Inc.120
SA Series Custom Sign-in Pages
remedy1
Contains the first possible remedy if your system is not fully compatible.
Object Type Template variable
Included In MeetingTestResult.thtml
Usage Required
Example The following code displays the first remedy:
<% IF remedy1%><% remedy1 FILTER verbatim%><%END%>
Related Topics remedy2 on page 121
remedy2
Contains the second possible remedy if your system is not fully compatible.
Object Type Template variable
Included In MeetingTestResult.thtml
Usage Required
Example The following code displays the second remedy:
<% IF remedy2%><% remedy2 FILTER verbatim%><%END%>
Related Topics remedy1 on page 121
RoleList
List of roles available to the user.
Object Type Template variable
Included In SelectRole.thtml , SelectRole-ppc.thtml
Usage Optional
121Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example The following code uses the RoleList variable to process a loop of roles (in this case, two
roles):
<%FOREACH role = RoleList%><a href="login.cgi?loginmode=mode_selectedrole&role=<%role.0%>&selectrolekey=<%SelectRoleKey%>&passwordExpiration=<%PasswordExpiration%>"><%role.1%></a><%END%>
Related Topics SelectRole.thtml on page 129
rows
Contains the number of occurrences that match the search criteria.
Object Type Template variable
Included In MeetingSelect.thtml
Usage Required
Example The following code checks to see if there are any matching occurrences. If yes, the code
then generates a list of meeting instances:
<% IF rows%><%FOREACHmeeting =meetings%><input type="button" value=" > "onclick="self.location='/dana-na/meeting/<%signin%>login_meeting.cgi?mid=<%mid%>&occurrence=<%meeting.3%><%params%>'"><%started%><%meeting.0%><%meeting.1%><%meeting.2%><%END%><%END%>
Related Topics MeetingSelect.thtml on page 89
runOnLoad
Called when page loads the <body>.
Object Type JavaScript function
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Optional. Useful when you need to load ActiveX or an applet as needed.
Copyright © 2010, Juniper Networks, Inc.122
SA Series Custom Sign-in Pages
Example None
Related Topics Remediate.thtml on page 119
safari
Boolean that indicates whether or not the user’s browser is Macintosh Safari.
Object Type Template variable
Included In Logout.thtml, MeetingTestJS.thtml
Logout.thtmlUsage Required
Example The following code fragment tests the variable to discover if the browser is the Safari
browser:
<% IF safari%>
Related Topics geckoBrowser on page 64
secid_challenge
Challenge string obtained from a server.
Object Type Template variable
Included In Defender.thtml , Defender-ppc.thtml
Usage Required. Used to return a challenge string from a RADIUS server in Defender.thtml.
Example The following code sets the challenge value to the value obtained from the RADIUS
server.
<INPUT type=hidden name="cval" value="<% secid_challenge%>">
Related Topics Defender.thtml on page 56•
• p on page 103
secidcontextid
Form field for the value represented by secid_contextid.
Object Type HTML form field
123Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Included In GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml,
NextToken.thtml, NextToken-ppc.thtml, Defender.thtml, Defender-ppc.thtml
Usage Required
Example The following code assigns the handle of the current transaction to a form field:
<INPUT type=hidden name="secidcontextid" value="<% secid_contextid%>">
Related Topics secid_contextid on page 124
secid_contextid
Current transaction handle.
Object Type Template variable
Included In GeneratePin.thtml,GeneratePin-ppc.thtml,NewPin-ppc.thtml,NewPin.thtml,NextToken-
ppc.thtml, NextToken.thtml
Usage Required. You must send this value to the server, but if you do not want to expose it to
the user, send it as a hidden form field.
Example The following code assigns the current transaction handle from the server to the HTML
form.
<INPUT type=hidden name="secidcontextid" value="<% secid_contextid%>">
Related Topics secidcontextid on page 123
secid_loginmode
Returns a value of Next Token mode or New PIN mode.
Object Type Template variable
Included In GeneratePin.thtml,GeneratePin-ppc.thtml,NewPin-ppc.thtml,NewPin.thtml,NextToken-
ppc.thtml, NextToken.thtml, Defender-ppc.thtml, Defender.thtml
Usage Required. You must send this value to the server, but if you do not want to expose it to
the user, you may send it as a hidden form field.
Example The following code assigns the mode to the HTML form:
<INPUT type=hidden name="loginmode" value="<% secid_loginmode%>">
Copyright © 2010, Juniper Networks, Inc.124
SA Series Custom Sign-in Pages
Related Topics secidcontextid on page 123•
• secid_contextid on page 124
secid_pinerr
Error code and corresponding message that informs the user if he has entered his PIN
incorrectly.
Object Type Template variable
Included In GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml
Usage Optional
Example The following code shows four different conditions using secid_pinerr:
<% IF secid_pinerr == 0%>NewPIN required<%ELSIF secid_pinerr == 1%>The Two PINs Entered Do NotMatch<%ELSIF secid_pinerr == 2%>Invalid PIN Format<%ELSIF secid_pinerr == 3%>Invalid PIN Length<%END%>
Related Topics secid_pinformat on page 125•
• secid_pinselectmode on page 126
secid_pinformat
Error message informing the end-user of the restrictions on the required PIN.
Object Type Template variable
Included In GeneratePin.thtml, NewPin-ppc.thtml, NewPin.thtml
Usage Optional
Example The following fragment shows how to use this variable to display a particular restriction:
Youmust create a new Personal Identification Number (PIN) before you can signin. Your PIN should be <% secid_pinformat%> long.
Related Topics secidpinformat on page 127
125Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
secid_pinselectmode
Sets the user’s PIN select mode.
Object Type Template variable
Included In GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin-ppc.thtml, NewPin.thtml
Usage Optional
Example The following code creates a link and sets the login mode:
<% IF secid_pinselectmode == 1%>If you prefer, the system can<a href="secid_genpin.cgi?loginmode=<% secid_loginmode%>"onclick="gCancelNewPinMode=false;">generate a PIN</a> for you.<%END%>
Related Topics secidpinselectmode on page 128
secid_systempin
System-generated PIN.
Object Type Template variable
Included In ShowSystemPin.thtml, ShowSystemPin-ppc.thtml, GenerateNewPin.thtml,NewPin.thtml
Usage Optional
Example The following code sets the user’s PIN.
Your new PIN is <% secid_systempin%>Be sure to remember it, because you need your PIN each time you sign in.
Related Topics secidactionSavePin on page 127
secid_username
System-supplied username.
Object Type Template variable
Copyright © 2010, Juniper Networks, Inc.126
SA Series Custom Sign-in Pages
Included In GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml,
NextToken.thtml, NextToken-ppc.thtml, Defender-ppc.thtml, Defender.thtml,
LoginPage.thtml
Usage Required
Example The following code posts the username passed into the form back to the server:
<INPUT type=hidden name="username" value="<% secid_username%>">
Related Topics username on page 157
secidactionSavePin
Specifies an action to be taken when a new PIN is created.
Object Type HTML form field
Included In NewPin.thtml, NewPin-ppc.thtml, GeneratePin.thtml
Usage Required
Example The value of one of the following fields must be sent to the Secure Access server:
<INPUT type="submit" name="secidactionSavePin" value="Save PIN"><INPUT type="submit" name="secidactionCancel" value="Cancel">
Related Topics GeneratePin.thtml on page 64•
• NewPin.thtml on page 99
secidpinformat
Error message informing the end-user of the restrictions on the required PIN.
Object Type HTML form field
Included In NewPin.thtml, NewPin-ppc.thtml, GeneratePin.thtml
Usage Required
Example The following code assigns the secure ID PIN format:
<INPUT type=hidden name="secidpinformat" value="<% secid_pinformat%>">
Related Topics secid_pinformat on page 125
127Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
secidpinselectmode
Passes the user’s PIN select mode to the server.
Object Type HTML form field
Included In NewPin.thtml, NewPin-ppc.thtml, GeneratePin.thtml, GeneratePin-ppc.thtml
Usage Required
Example The following code assigns the PIN select mode:
<INPUT type=hidden name="secidpinselectmode"value="<% secid_pinselectmode%>">
Related Topics secid_pinselectmode on page 126
SecondaryLoginPage.thtml
Collects the user’s name and password for a secondary authentication server.
Object Type Template
Usage Optional. You must include the prompts variable in LoginPage.thtml in order to call this
template.
The prompts variable provides the proper form input names and indicates whether or
not the inputs are required. However, if you prefer, you can hardcode the form input names
into the page and it still works. Further, the sign-in process accepts form input names
user#2 and password#2 as the secondary credentials for any authentication server. The
names in the prompt variables include the authentication server name in this format:
user@ldap, password@ldap.
Required Variables None
Example None
Related Topics SecondaryLoginPage-ppc.thtml on page 128
SecondaryLoginPage-ppc.thtml
Collects the user’s name and password for a secondary authentication server. Pocket
PC version of “SecondaryLoginPage.thtml” on page 128.
Object Type Template
Copyright © 2010, Juniper Networks, Inc.128
SA Series Custom Sign-in Pages
Usage Optional. You must include the prompt variable in LoginPage.thtml in order to call this
template.
The prompts variable provides the proper form input names and indicates whether or
not the inputs are required. However, if you prefer, you can hardcode the form input names
into the page and it still works. Further, the sign-in process accepts form input names
user#2 and password#2 as the secondary credentials for any authentication server. The
names in the prompt variables include the authentication server name in this format:
user@ldap, password@ldap.
Required Variables None
Example None
Related Topics SecondaryLoginPage.thtml on page 128
SelectRole.thtml
Appears after the sign-in page and displays a list of roles from which the user can choose.
Object Type Template
Usage Optional. You may choose to customize this template if you have assigned your users to
multiple roles, but have not permissively merged those roles.
Required Variables None
Example None
Related Topics SelectRole-ppc.thtml on page 129
SelectRole-ppc.thtml
Appears after the sign-in page and displays a list of roles from which the user can choose.
Pocket PC version of “SelectRole.thtml” on page 129.
Object Type Template
Usage Optional. You may choose to customize this template if you have assigned your users to
multiple roles, but have not permissively merged those roles.
Required Variables None
Example None
Related Topics SelectRole.thtml on page 129
129Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
setFailed()
Called if the component is stopped intentionally.
Object Type JavaScript function
Included In Logout.thtml, PleaseWait.thtml
Usage component signifies the component that is being checked to see if it has been stopped
intentionally.
Example The following code stops Host Checker:
<%IF pleasewaitObjectHC%> setSucceeded('hc');<%END%>}catch (e) {<%IF pleasewaitObjectHC%> setFailed('hc'); <%END%>}
Related Topics setStarted() on page 131
setFinished
Called if the component has finished starting up.
Object Type JavaScript function
Included In Logout.thtml, PleaseWait.thtml
Usage Optional
component—Valid values for component are hc for Host Checker and cc for Cache
Cleaner.
componentExample The following code shows how setFinished is used in the Logout.thtml template:
function setFinished(component){document.getElementById(component).style.fontWeight = "normal";}
Related Topics Logout.thtml on page 85•
• PleaseWait.thtml on page 111
Copyright © 2010, Juniper Networks, Inc.130
SA Series Custom Sign-in Pages
SetLastRealm()
Enables users to select from multiple realms on the sign-in page.
Object Type JavaScript function
Included In LoginPage.thtml , LoginPage-ppc.thtml
Usage When the user signs in, this function retrieves the authentication realm selected by the
user and sets an expiration date of 30 days.
sValue—The name of the realm the user selects.
Example The following code shows the function:
function SetLastRealm(sValue) {var dtExpire = newDate();dtExpire.setDate(dtExpire.getDate() + 30);document.cookie = "lastRealm=" +escape(sValue) + "; expires=" + dtExpire.toGMTString();}
Related Topics LoginPage.thtml on page 79
setStarted()
Called if the component is started in order to stop it.
Object Type JavaScript function
Included In Logout.thtml, PleaseWait.thtml
Usage Required.
component—Name of the component.
Example The following code shows the function:
function setStarted(component){document.getElementById(component).style.fontWeight = "bold";}
Related Topics setFailed() on page 130
131Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
setSucceeded()
Called if the component is successfully stopped.
Object Type JavaScript function
Included In Logout.thtml, PleaseWait.thtml
Usage Required
Example The following code calls the function if Host Checker has been successfully stopped:
<%IF pleasewaitObjectHC%> setSucceeded('hc'); <%END%>
Related Topics setStarted() on page 131
setthankyou()
Sets the timeout value and calls the thankyou() function, which displays the login page
after the user has signed out.
Object Type JavaScript function
Included In Logout.thtml
Usage Required
Example The following code shows the function:
function setthankyou(){setTimeout("thankyou()", 2000);}
Related Topics thankyou() on page 152
setup_classid
The CLASSID of the ActiveX object.
Object Type Template variable
Included In Logout.thtml, PleaseWait.thtml
Usage Required
Copyright © 2010, Juniper Networks, Inc.132
SA Series Custom Sign-in Pages
Example The following example assigns the CLASSID if the delivery mechanism is ActiveX.
<%IF delivery_mode == 'activex'%><OBJECT <%setup_classid FILTER verbatim%> id=NeoterisSetup
Related Topics setup_codebase on page 133•
setup_codebase
The path and version information (CODEBASE) of the ActiveX object.
Object Type Template variable
Included In Logout.thtml, PleaseWait.thtml
Usage Required
Example The following example assigns the CODEBASE if the delivery mechanism is ActiveX.
<%IF delivery_mode == 'activex'%><OBJECT <%setup_classid FILTER verbatim%> id=NeoterisSetup<%setup_codebase FILTER verbatim%>width=0 height=0 ></OBJECT>
Related Topics setup_classid on page 132•
Setupappversion
The version of the Java installer setup application.
Object Type Template variable
Included In Logout.thtml
Usage Required
Example The following example assigns the setupappversionafter determining the delivery mode:
<% IF delivery_mode == 'java'%><APPLET code=dsSetupApplet.classcode=dsSetupAppletid=NeoterisSetuparchive="NeoterisSetupApplet.jar"MAYSCRIPTwidth=0 height=0codebase="/dana-cached/setup/" ><PARAMNAME="SetupAppVersion" VALUE="<% setupappversion%>">
133Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Related Topics Logout.thtml on page 85
setup_codebase
Codebase of Juniper Networks NeoterisSetup ActiveX control.
Object Type Template variable
Included In Logout.thtml, PleaseWait.thtml
Usage Optional
Example The following code declares the codebase:
<OBJECT classid="clsid:4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06"id=NeoterisSetup<% setup_codebase FILTER verbatim%>width=0 height=0 ></OBJECT>
Related Topics Logout.thtml on page 85•
• PleaseWait.thtml on page 111
showButtons
Boolean indicating whether or not to show any of the action buttons.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code tests showButtons. If true, then the code continues to test other
directives to determine which action buttons to display:
<% IF showButtons%><% IF showTryAgain%><input name="btnTryAgain" type="button" value="<% textTryAgain%>"onClick="TryAgain()" <%disabled%>><%END%><% IF showRemedOption%><input name="btnHideRemed" type="button"value="<% textRemedOption%>" onClick="HideRemed();<%disabled%>"><%HC_REMED_SHOW_ADV_PREFS%><%END%>
Copyright © 2010, Juniper Networks, Inc.134
SA Series Custom Sign-in Pages
<% IF showContinue%><input name="btnContinue" type="button" value="<% textContinue%>"onClick="Continue()"><%END%><% IF showClose%><input name="btnClose" type="button" value=" <% textClose%> "onClick="javascript:self.close()"><%END%><%END%>
Related Topics showContinue on page 136•
• showClose on page 135
• showRemedOption on page 137
• showTryAgain on page 138
showChangePasswordTitle
Boolean indicating whether or not to show primary/secondary password change title.
Object Type Template variable
Included In PasswordChange.thtml , PasswordChange-ppc.thtml
Usage Optional.
Example The following code tests the variable. If true, the code then displays the value contained
in changePasswordTitle:
<%IF showChangePasswordTitle%><%changePasswordTitle FILTER verbatim%><%END%>
Related Topics changePasswordTitle on page 52•
• PasswordChange.thtml on page 107
showClose
Boolean indicating whether or not to show the Close button.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
135Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example The following code tests showClose. If true, the code constructs a button that closes the
page when the user clicks it:
<% IF showClose%><input name="btnClose" type="button" value=" <% textClose%> "onClick="javascript:self.close()"><%END%>
Related Topics showContinue on page 136
showContinue
Boolean indicates whether or not to show the Continue button.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code shows a Continue button if the showContinue variable is true:
<% IF showContinue%><input name="btnContinue" type="button" value="<% textContinue%>"onClick="Continue()"></td><%END%>
Related Topics Remediate.thtml on page 119
showHeading
flag to determine if we should show heading
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code displays message text if the showHeading variable is true:
<% IF showHeading%><%msg FILTER verbatim%><%END%>
Related Topics Remediate.thtml on page 119
Copyright © 2010, Juniper Networks, Inc.136
SA Series Custom Sign-in Pages
showLoading
Boolean indicates whether or not to show text during the loading of ActiveX or an applet.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code displays message text if the showLoading variable is true:
<% IF showLoading%><%pleasewait%><%HC_REMED_POLICIES_CHECK%>
Related Topics Remediate.thtml on page 119
showRemedOption
Boolean indicates whether or not to show the button that displays the message: Do not
show remediation for this session.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code tests the value of showRemedOption. If true, the code hides the
remediation button:
<% IF showRemedOption%><input name="btnHideRemed" type="button"value="<% textRemedOption%>" onClick="HideRemed(); <%disabled%>"><%HC_REMED_SHOW_ADV_PREFS%><%END%>
Related Topics Remediate.thtml on page 119
showPolicies
Boolean indicating whether or not to show remediation policies.
Object Type Template variable
137Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code tests the values of several template variables:
<% IF showHeading || showPolicies || showButtons%>
Related Topics Remediate.thtml on page 119
ShowSystemPin.thtml
Displays the system-generated PIN to the user.
Object Type Template
Usage Optional
Required Variables None
Example None
Related Topics ShowSystemPin-ppc.thtml on page 138
ShowSystemPin-ppc.thtml
Displays the system-generated PIN to the user. Pocket PC version of
“ShowSystemPin.thtml” on page 138.
Object Type Template
Usage Optional
Required Variables None
Example None
Related Topics ShowSystemPin.thtml on page 138
showTryAgain
Boolean that indicates whether or not to show the Try Again button.
Object Type Template variable
Copyright © 2010, Juniper Networks, Inc.138
SA Series Custom Sign-in Pages
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
Example The following code checks the variable and, if true, displays the Try Again button. The
code also disables the button once the end-user has clicked it:
<% IF showTryAgain%><input name="btnTryAgain" type="button" value="<% textTryAgain%>"onClick="TryAgain()" <%disabled%>><%END%>
Related Topics TryAgain on page 153
signinAgain
Boolean that indicates whether or not to display the login page after users log out.
Object Type Template variable
Included In Logout.thtml
Usage Optional
Example The following code checks the variable and, if true, redirects the user to the sign-in page
(welcome.cgi).
<% IF signinAgain%><a href="welcome.cgi" ><div id=signindiv><% signinAgain FILTER verbatim%>
Related Topics None
signInLink
Provides the link to the start page.
Object Type Form variable
Included In Logout.thtml
Usage Optional. If you want to provide the user the ability to sign in again, you must include this
link in the href tag.
Example None
139Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Related Topics Logout.thtml on page 85
SM-NewPinSelect.thtml
Prompts the user to enter a new PIN or create a system-generated PIN before signing
into Secure Access.
Object Type Template
Usage Required for SiteMinder authentication.
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewPinSelect-ppc.thtml on page 140
SM-NewPinSelect-ppc.thtml
Prompts the user to enter a new PIN or create a system-generated PIN before signing
into Secure Access. Pocket PC version of “SM-NewPinSelect.thtml” on page 140.
Object Type Template
Usage Required for SiteMinder authentication on a Pocket PC.
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewPinSelect.thtml on page 140
SM-NewPinSystem.thtml
Enables the user to create a system-generated PIN if the user selects the System PINoption in the SM-NewPinSelect.thtml page.
Object Type Template
Usage Optional
Required Variables “secid_loginmode” on page 124
Example None
Copyright © 2010, Juniper Networks, Inc.140
SA Series Custom Sign-in Pages
Related Topics SM-NewPinSelect.thtml on page 140
SM-NewPinSystem-ppc.thtml
Enables the user to create a system-generated PIN if the user selects the System PINoption in the SM-NewPinSelect-ppc.thtml page. Pocket PC version of
“SM-NewPinSystem.thtml” on page 140.
Object Type Template
Usage Optional
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewPinSelect-ppc.thtml on page 140
SM-NewUserPin.thtml
Prompts the user to create a new PIN if he selects the Enter PIN option in the SM-
NewPinSelect.thtml page.
Object Type Template
Usage Optional. Also determines if the two PINs entered by the user match and alerts the user
if necessary. When configuring the secid_pinserr variable (which stores the error code
and message that informs the user if he mis-entered his PIN), note that possible values
include:
Table 13: New PIN Assignment Messages
ValueCode
New PIN Assignment0
The Two PINs Entered Do Not Match1
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewPinSelect.thtml on page 140
141Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
SM-NewUserPin-ppc.thtml
Prompts the user to create a new PIN if he selects the Enter PIN option in the SM-
NewPinSelect-ppc.thtml page.
Object Type Template
Usage Optional. Also determines if the two PINs entered by the user match and alerts the user
if necessary. When configuring the secid_pinserr variable (which stores the error code
and message that informs the user if he mis-entered his PIN), note that possible values
include:
Table 14: New PIN Assignment Messages
ValueCode
New PIN Assignment0
The Two PINs Entered Do Not Match1
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewUserPin.thtml on page 141
SM-NextToken.thtml
Prompts the user to verify his credentials by entering his SecureID token code.
Object Type Template
Usage Optional. For information the JavaScript, form definitions, form fields, and variables
contained in these templates, see comments in the templates.
NOTE: If you prohibit the use of System-generated PINS, you do not need to includeSM-NewPinSelect.thtml and SM-NewPinSystem.thtml in the zip file that you upload to
Secure Access.
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewPinSelect.thtml on page 140•
Copyright © 2010, Juniper Networks, Inc.142
SA Series Custom Sign-in Pages
• SM-NewPinSystem.thtml on page 140
SM-NextToken-ppc.thtml
Prompts the user to verify his credentials by entering his SecureID token code. Pocket
PC version of “SM-NextToken.thtml” on page 142.
Object Type Template
Usage Optional. For information the JavaScript, form definitions, form fields, and variables
contained in these templates, see comments in the templates.
NOTE: If you prohibit the use of System-generated PINs, you do not need to includeSM-NewPinSelect-ppc.thtml and SM-NewPinSystem-ppc.thtml in the zip file that you
upload to Secure Access.
Required Variables “secid_loginmode” on page 124
Example None
Related Topics SM-NewPinSelect-ppc.thtml on page 140•
• SM-NewPinSystem-ppc.thtml on page 141
softid_error
Set if the ACE/SoftID authentication server returns errors.
Object Type Template variable
Included In GeneratePin.thtml (ACE/softID), LoginPage.thtml (ACE/softID), NewPin.thtml
(ACE/softID), NextToken.thtml (ACE/softID)
Usage Required
Example The following code assigns any SoftID errors to a JavaScript variable:
var error= "<% softid_error%>";
Related Topics softid_time on page 144
143Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
softid_time
Contains the ACE/SoftID authentication server time.
Object Type Template variable
Included In LoginPage.thtml (ACE/softID)
Usage Required by authenticate() function.
Example The following code assigns the ACE/SoftID time to a time variable:
var time = <% softid_time%> ;
[Warning: element unresolved in stylesheets: <title> (in <related-topics>). This is probably
a new element that is not yet supported in the stylesheets.]
LoginPage.thtml on page 79
SSL.thtml
Displays an error if authentication fails and the user is not allowed to sign into Secure
Access.
Object Type Template
Usage You must always include SSL.thtml in your zip file. This is a standard Secure Access page
that displays an error if authentication fails or realm-level checks fail and the user is not
allowed to sign into Secure Access. This template does not contain any JavaScript or
forms. However, it does contain error message variables. For more information, see
comments in the template.
Required Variables None
Example None
Related Topics SSL-ppc.thtml on page 144
SSL-ppc.thtml
Displays an error if authentication fails or realm-level checks fail and the user is not
allowed to sign into Secure Access. Pocket PC version of template “SSL.thtml” on page 144.
Object Type Template
Copyright © 2010, Juniper Networks, Inc.144
SA Series Custom Sign-in Pages
Usage You must always include SSL.thtml in your zip file. This template does not contain any
JavaScript or forms. However, it does contain error message variables. For more
information, see comments in the template.
Required Variables None
Example None
Related Topics SSL.thtml on page 144
Start_onclick()
Initiates the proper applets when beginning a meeting session.
Object Type JavaScript function
Included In MeetingRun.thtml
Usage Required
Example The following code shows the Start_onclick() function:
function Start_onclick() {if ( typeof(NeoterisSetup) != "undefined") {try {NeoterisSetup.startSession();return 0;} catch (e) {return Start_onclick_applet();}} else {return Start_onclick_applet();}}
Related Topics MeetingRun.thtml on page 88
Start_onclick_java()
Configures the session manager.
Object Type JavaScript function
Included In MeetingRun.thtml
Usage Required. Called by various pages from which the user starts and stops meeting sessions.
145Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example The following code illustrates how the function begins to configure the session manager:
function Start_onclick_java() {var sOptions = "resizable=no,scrollbars=no,status,width=250,height=150";var x,y;
if (screen) {if ((screen.availWidth) && (screen.availHeight)) {x = screen.availWidth - 290; // 40 pixel slopy = screen.availHeight - 190; // 40 pixel slop
sOptions += ",left=" + x + ",screenX=" + x + ",top=" + y + ",screenY=" + y;}}
Related Topics MeetingRun.thtml on page 88
start_status
Status of the started Host Checker or Cache Cleaner instance.
Object Type JavaScript variable
Included In PleaseWait.thtml
Usage Required. The return status equals 1 if a test of this variable fails.
Example The following code shows how the getStatus function uses the start_status variable:
function getStatus(){return start_status;}
Related Topics PleaseWait.thtml on page 111
StartCC()
Enables the current user to start Cache Cleaner.
Object Type JavaScript function
Included In PleaseWait.thtml
Usage Optional
Example None
Related Topics PleaseWait.thtml on page 111•
Copyright © 2010, Juniper Networks, Inc.146
SA Series Custom Sign-in Pages
StartHC()
Enables the current user to start Host Checker.
Object Type JavaScript function
Included In PleaseWait.thtml
Usage Optional
Example None
Related Topics PleaseWait.thtml on page 111•
• StartCC() on page 146
started
Boolean indicating that a meeting instance has started.
Object Type Template variable
Included In MeetingSelect.thtml
Usage Required
Example The following code checks to see if meetings have started, and if so, populates the page
with sign-in components corresponding to each meeting.
<% IF rows%><%FOREACHmeeting =meetings%><input type="button" value=" > "onclick="self.location='/dana-na/meeting/<%signin%>login_meeting.cgi?mid=<%mid%>&occurrence=<%meeting.3%><%params%>'"><% started%><%meeting.0%><%meeting.1%><%meeting.2%><%END%><%END%>
Related Topics MeetingSelect.thtml on page 89
startPageLink
Page Link for the Welcome Page.
147Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Object Type Template variable
Included In GraceLoginUsed.thtml, GraceLoginUsed-ppc.thtml, PasswordExpiration.thtml,
PasswordExpiration-ppc.thtml
Usage Required. Must be added as an href link. Provides a link in the page, allowing user to
navigate to the Welcome page.
Example The following code shows this variable used as an href link:
<a href="<% startPageLink%>">Click here to go toWelcome Page</a>
Related Topics GraceLoginUsed.thtml on page 67•
• PasswordExpiration.thtml on page 108
startSessionReDir
Initiates a redirect on finding that a meeting applet needs to be installed.
Object Type Template variable
Included In MeetingAppletInstaller.thtml, MeetingTrouble.thtml
Usage Required
Example<PARAMNAME="StartSessionReDir" VALUE="<% startSessionReDir%>">
Related Topics MeetingAppletInstaller.thtml on page 87•
• MeetingTrouble.thtml on page 91
stopComponents()
Performs a variety of shutdown checks and operations, shutting down Host Checker,
Cache Cleaner, and Win32 applets, if necessary, when the end-user signs out.
Object Type JavaScript function
Included In Logout.thtml
Usage Required
Example<% IF (pleasewaitObjectCC || pleasewaitObjectHC || pleasewaitWin32) &&delivery_mode == 'java'%>
Copyright © 2010, Juniper Networks, Inc.148
SA Series Custom Sign-in Pages
onload="javascript:stopComponents()"<%END%>
Related Topics delivery_mode on page 56
SubmitClicked()
Saves or cancels a PIN per the user’s request.
Object Type JavaScript function
Included In GeneratePin.thtml, GeneratePin-ppc.thtml, NewPin.thtml, NewPin-ppc.thtml,
NextToken.thtml,NextToken-ppc.thtml,SM-NewUserPin.thtml,SM-NewUserPin-ppc.thtml
GeneratePin.thtml,NewPin.thtml,
Required. You must include this function in the header of GeneratePin.thtml.
NextToken.thtml,SM-NewUserPin.thtmlUsage
Example From GeneratePin.thtml:
function SubmitClicked() {gCancelNewPinMode = false;return true;
}
From SM-NewUserPin.thtml:
function SubmitClicked() {if (document.frmNewPin.password2.value !=
document.frmNewPin.password3.value) {alert("The Two PINs Entered Do NotMatch");document.frmNewPin.password2.focus();return false;
}}
Related Topics GeneratePin.thtml on page 64•
• NewPin.thtml on page 99
• NextToken.thtml on page 101
• SM-NewUserPin.thtml on page 141
submitFrmCasque()
Initiates the download of the CASQUE RADIUS server.
Object Type JavaScript function
149Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Included In Defender.thtml
Usage Required if CASQUE RADIUS server is needed.
Example The following code shows the action to initiate the CASQUE server:
function submitFrmCasque() {document.frmCasque.action = "/dana-na/download/x.casque?url=/dana-na/auth/welcome.cgi";document.frmCasque.submit();}
Related Topics Defender.thtml on page 56•
• frmCasque on page 61
testjava_ini
Boolean indicating whether or not Secure Access needs to perform a compatibility check
for Java.
Object Type Template variable
Included In MeetingTestJava.thtml
Usage Required
Example<APPLET<% testjava_ini FILTER verbatim%><PARAMNAME="TestJavaApplet" VALUE="true"><PARAMNAME="RedirectUrl"VALUE="/danana/meeting/<%signin%>meeting_testresult.cgi
?java=1&<%mid_param%>"></APPLET>
Related Topics MeetingTestJava.thtml on page 90
textClose
Default text for the Close button.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Copyright © 2010, Juniper Networks, Inc.150
SA Series Custom Sign-in Pages
Usage Required. Used by Secure Access to dynamically update the button name, depending
upon the user’s activity.
Example The following code changes the button to a Close button:
<% IF showClose%><input name="btnClose" type="button" value=" <% textClose%> "onClick="javascript:self.close()"><%END%>
Related Topics textContinue on page 151•
• textRemedOption on page 151
• textTryAgain on page 152
textContinue
Default text for the Continue button.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required. Used by Secure Access to dynamically update the button name, depending
upon the user’s activity.
Example<% IF showContinue%><input name="btnContinue" type="button" value="<% textContinue%>"onClick="Continue()"><%END%>
Related Topics textClose on page 150•
• textRemedOption on page 151
• textTryAgain on page 152
textRemedOption
Default text for the Do not show remediation for this session button.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required. Used by Secure Access to dynamically update the button name, depending
upon the user’s activity.
151Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example<% IF showRemedOption%><input name="btnHideRemed" type="button"value="<% textRemedOption%>"onClick="HideRemed(); <%disabled%>"><%HC_REMED_SHOW_ADV_PREFS%><%END%>
Related Topics textClose on page 150•
• textContinue on page 151
• textTryAgain on page 152
textTryAgain
Default text for the Try Again button.
Object Type Template variable
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required. Used by Secure Access to dynamically update the button name, depending
upon the user’s activity.
Example<% IF showTryAgain%><input name="btnTryAgain" type="button" value="<% textTryAgain%>"onClick="TryAgain()" <%disabled%>><%END%>
Related Topics textClose on page 150•
• textContinue on page 151
• textRemedOption on page 151
thankyou()
Removes components and displays the login page after an end-user signs out.
Object Type JavaScript function
Included In Logout.thtml
Usage Optional
Example The function checks to see which application is being stopped and removed, then displays
either an error or the sign-in page.
Copyright © 2010, Juniper Networks, Inc.152
SA Series Custom Sign-in Pages
function thankyou(){<%IF pleasewaitObjectHC%>removeBulb('hc');removeComponent('hc');<%END%><%IF pleasewaitObjectCC%>removeBulb('cc');removeComponent('cc');<%END%>document.getElementById('pleasewait1').innerHTML ="<%LoginPageErrorMessage FILTER verbatim%>";document.getElementById('signindiv').innerHTML ="Click here to sign in again";}
Related Topics setthankyou() on page 132
troubleshooting
Contains the troubleshooting text string.
Object Type Template variable
Included In MeetingAppletInstaller.thtml, MeetingRunJava.thtml
Usage Required
Example The following code checks to see if there is a troubleshooting string. If yes, then it displays
the text string, as is:
<% IF troubleshooting%><% troubleshooting FILTER verbatim%><%END%>
Related Topics MeetingAppletInstaller.thtml on page 87•
• MeetingRunJava.thtml on page 88
TryAgain
Submits the hidden form when the user clicks the Try Again button.
Object Type JavaScript function
Included In Remediate.thtml , Remediate-ppc.thtml
Usage Required
153Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Example<% IF showTryAgain%><input name="btnTryAgain" type="button" value="<% textTryAgain%>"onClick="TryAgain()" <%disabled%>><%END%>
Related Topics showTryAgain on page 138
type
Contains the type of client to use when running Meeting.
Object Type Template variable
Included In MeetingTrouble.thtml
Usage Required. Allowable values are:
• activex
• java
• applet
Example The following code checks to see if the type of client is ActiveX:
<% IF type == 'activex'%><OBJECT<% ini FILTER verbatim%><PARAMNAME="StartSessionReDir" VALUE="<%startSessionReDir%>"><PARAMNAME="UninstallReDir" VALUE="<%uninstallReDir%>"><PARAMNAME="locale" VALUE="<%locale%>"></OBJECT><%END%>
Related Topics MeetingTrouble.thtml on page 91
tz_offset
Contains the time zone offset.
Object Type HTML form field
Included In LoginPage.thtml , LoginPage-ppc.thtml
Usage Required. The Login() function uses the tz _offset (time zone offset) value to help
determine the user’s time zone.
Example The following code shows how the tz_offset field is used in an HTML form.
Copyright © 2010, Juniper Networks, Inc.154
SA Series Custom Sign-in Pages
<input type="hidden" name="tz_offset">
Related Topics LoginPage.thtml on page 79
uninstall_action
Indicates the type of action to take when having trouble launching a meeting instance.
Object Type Template variable
Included In MeetingTrouble.thtml
Usage Required
Example The following code illustrates the use of the uninstall_action variable:
<% IF type == 'activex' || type == 'applet'%>If you encounter problems launching Secure Meeting, uninstall the versionthat is currently on your system.<input type="button" value="Uninstall" id=Uninstall name=button2LANGUAGE=javascript onclick="<%uninstall_action%>">After uninstalling, return to the "Join Meeting" page and click "Start Meeting"or "Join Meeting" to reinstall the latest Secure Meeting application.<br><%END%>
Related Topics Uninstall_applet() on page 155
Uninstall_applet()
Initiates the uninstallation of an applet.
Object Type JavaScript function
Included In MeetingTrouble.thtml
Usage Required. Note that the first character is upper cased.
Example The following code is the uninstall_applet() function:
Uninstall_applet() {window.location = "/dana-na/meeting/meeting_appletuninstall.cgi?mid=<%mid%>&occurrence=<%occurrence%>&type=<%type%>";return true;}
Related Topics MeetingTrouble.thtml on page 91
155Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Uninstall_onclick()
Initiates the uninstall script.
Object Type JavaScript function
Included In MeetingTrouble.thtml
Usage Required. Note that the first character is upper cased.
Example The following code is the uninstall_onclick() function:
Uninstall_onclick() {if ( typeof(NeoterisSetup) != "undefined" ) {NeoterisSetup.uninstall();return 1;
}else {return 0;
}}
Related Topics MeetingTrouble.thtml on page 91
uninstallReDir
Contains the location of the page to go to on an uninstall.
Object Type Template variable
Included In MeetingAppletInstaller.thtml, MeetingTrouble.thtml
Usage Required
Example The following code assigns the uninstall redirect page to a form parameter:
<PARAMNAME="UninstallReDir" VALUE="<%uninstallReDir%>">
Related Topics MeetingAppletInstaller.thtml on page 87•
• MeetingTrouble.thtml on page 91
UninstallCC
Indicates whether or not Cache Cleaner uninstall is enabled.
Object Type Template variable
Copyright © 2010, Juniper Networks, Inc.156
SA Series Custom Sign-in Pages
Included In Logout.thtml
Usage Required. Not to be confused with JavaScript variable uninstallcc.
Example The following code checks to see that the Cache Cleaner uninstall is enabled. If yes, then
the code sets the JavaScript uninstallcc variable to 1, which indicates that the system
should uninstall if the JavaScript function stopCC() is running:
<%IF uninstallCC%>uninstallcc = 1;<%END%>
Related Topics StartCC() on page 146
upAndRunning()
Indicates whether or not Host Checker or Cache Cleaner are up and running after they
are started.
Object Type JavaScript function
Included In PleaseWait.thtml
Usage Optional
Example None
Related Topics PleaseWait.thtml on page 111
username
This field is required for all types of authentication servers except anonymous servers
and certificate servers.
Object Type Template variable
Included In LoginMeeting.thtml, MeetingAppletInstaller.thtml, MeetingRun.thtml
Usage Required. As an example of username’s use, Login.cgi (a Perl script on Secure Access)
passes the username value to the appropriate authentication server.
Example The following example shows the use of the username variable in a meeting sign-in
sequence:
<PARAMNAME="Parameter0"
157Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
VALUE="meeting_id=<%instanceId%>;user_name=<%username%>;cert_md5=<%cert_md5%>;ncp_read_timeout=<%ncp_read_timeout%>">
Related Topics password on page 105
warnings
Contains meeting warnings.
Object Type Template variable
Included In MeetingRun.thtml
Usage Required
Example The following code is included in MeetingRun.thtml. You should not modify the code:
<%warnings FILTER verbatim%>
Related Topics MeetingRun.thtml on page 88
welcome
Contains the welcome message string.
Object Type Template variable
Default Value “Welcome to the”
Included In LoginPage.thtml, LogoutPage.thtml,SSL.thtml,SecondaryLoginPage.thtml, Logout.thtml,
Defender.thtml, ExceededConcurrent.thtml, GeneratePin.thtml, NewPin.thtml,
NextToken.thtml, ShowSystemPin.thtml
Usage Optional
Example <form name="frmLogin" action=login.cgi method="POST" autocomplete=offonsubmit="return Login(<% setcookies%>)"><input type="hidden" name="tz_offset"><%welcome FILTER verbatim%>
Related Topics None
win32
Indicates whether or not the client operating system is Windows.
Copyright © 2010, Juniper Networks, Inc.158
SA Series Custom Sign-in Pages
Object Type Template variable
Included In Logout.thtml, MeetingTestJS.thtml
Logout.thtmlUsage Required
Example The following code checks to see if the operating system is Windows. If yes, the code
loads redirects the page to a page to test the compatibility of Microsoft Java:
function checkActiveX () {var win = <%win32%>;try {NeoterisSetup.isValid();document.form1.submit();return true;} catch (e) {var url = win ? "/dana-na/meeting/<%signin%>meeting_testmsjava.cgi?<%mid_param%>" : "/dana-na/meeting/<%signin%>meeting_testjava.cgi?<%mid_param%>";document.location.replace(url);}}
Related Topics MeetingTestMSJava.thtml on page 91
None
159Copyright © 2010, Juniper Networks, Inc.
Chapter 1: Custom sign-in pages
Index
AAccept-Language...................................................................40
Accept-Language header abbreviations........................41
ActivePerl....................................................................................14
AnonymousAuthentication variable, discussed.........45
AppConfig...................................................................................14
arithmetic operators, defined.............................................22
authentication servers
SiteMinder
custom sign in pages...........................................59
Bblock directives, defined.......................................................23
CCache Cleaner
custom pages...........................................................85, 111
CALL directive, restriction....................................................24
Cancel.thtml, discussed.......................................................52
CASE directive, discussed....................................................23
CertificateAuthentication variable, discussed..............51
conditional operators, discussed......................................22
conditional test, creating.....................................................23
custom help files......................................................................13
custom sign-in pages............................................................40
localizing...........................................................................40
customer support....................................................................xx
contacting JTAC...............................................................xx
Cygwin..........................................................................................14
DDefender.thtml, discussed..................................................56
directive, defined......................................................................16
EELSIF directives, discussed..................................................23
END directive, discussed......................................................23
errors
modifying...........................................................................81
ExceededConcurrent.thtml, discussed...........................57
FFILTER directive, restriction.................................................24
FinishLoad() function, discussed.....................................59
FOREACH loop, discussed...................................................24
GGeneratePin.thtml, discussed...........................................64
GET directive, discussed.......................................................18
GetCookieValue(sName) function, discussed............65
getTimezoneOffset() function, discussed....................77
GraceLoginUsed.thtml, discussed....................................67
HHome variable, discussed....................................................72
Host Checker
custom pages...........................................................85, 111
IIF directive, discussed............................................................23
INCLUDE......................................................................................18
INSERT.........................................................................................18
internationalization...............................................................40
INTERPOLATE directive, restriction.................................24
JJ-SAM See Secure Application Manager, J-SAM
Kkeyboard.js.................................................................................75
Kiosk.zip......................................................................................10
Kiosk.zip, discussed................................................................42
Llanguages..................................................................................40
Linux..............................................................................................14
localization................................................................................40
Login() function, discussed.................................................77
Login.cgi, discussed..............................................................157
LoginPage.thtml, customizing....................................79, 80
LoginPage.thtml, discussed........................................79, 80
163Copyright © 2010, Juniper Networks, Inc.
LoginPageErrorCode...............................................................81
LoginPageErrorCode variable, discussed..............84, 85
LoginPageErrorMessage variable,
discussed........................................................................81, 85
Logout.thtml, discussed...............................................85, 86
MMac OS X....................................................................................14
mathematical operators, defined.....................................22
Meeting.zip.................................................................................10
NNewPin.thtml, discussed.....................................................99
NextToken.thtml, discussed.....................................100, 101
PPasswordChange.thtml, discussed................................107
PasswordExpiration.thtml, discussed..........................108
Perl AppConfig..........................................................................14
PERL directive, restriction....................................................24
Pocket PC
custom sign in pages...............................................11, 26
PROCESS..............................................................................17, 18
RRAWPERL directive, restriction..........................................24
RealmList variable, discussed............................................117
recallLastRealmUsed() function, discussed...............117
RSA Soft ID client....................................................................10
RSA SoftID client, custom pages......................................42
Ssample templates
downloading.....................................................................15
Sample.zip.................................................................................10
samples.zip, discussed.........................................................25
secid_pinselectmode variable, discussed...........99, 100
secid_pinserr variable, discussed...........................99, 100
Secure Application Manager
J-SAM
custom pages.........................................................85
SelectRole.thtml, discussed.............................................129
SET directive, discussed.......................................................18
SetLastRealm(sValue) function, discussed...............130
ShowSystemPin.thtml, discussed.........................137, 138
sign-in page, customizing............................................79, 80
SM-NewPinSelect.thtml, discussed.............................140
SM-NewPinSystem.thtml, discussed...........................140
SM-NewUserPin.thtml, discussed..................................141
SM-NextToken.thtml, discussed.....................................142
SoftID.zip....................................................................................10
SoftID.zip, discussed..............................................................42
SSL.thtml, discussed...........................................................144
support, technical See technical support
SWITCH directive, discussed..............................................23
TTAGS directive, restriction....................................................24
technical support
contacting JTAC...............................................................xx
template comments...............................................................18
Template Toolkit.......................................................................13
Template Toolkit documentation......................................18
template toolkit language, discussed..............................16
template variable
LoginPageErrorCode......................................................81
thtml files..................................................................................40
tpage.............................................................................................15
ttree...............................................................................................15
tz _offset variable, discussed............................................154
tz_offset variable, discussed...............................................77
UUSE directive, restriction......................................................24
WWHILE loop, discussed.........................................................24
Windows.....................................................................................14
Copyright © 2010, Juniper Networks, Inc.164
SA Series Custom Sign-in Pages